A group of computer security researchers had found a way to circumvent the security of Windows computers to install malware through the use of voice commands directed at Cortana. Although the method was not easy and required physical access.
Thanks to a USB network adapter and the virtual assistant, the specialists were able to bypass the system lock that we can carry out by pressing the Windows key and the L key or that can be triggered automatically after some time of inactivity. The measure that allows us to limit physical access to the team when we separated for a while from it left a door open to potential attackers.
Cortana always listens and there was the problem
Tal Be’ery and Amichai Shulman, the two Israeli researchers responsible for the discovery, discovered that the multilingual, voice-commanded virtual assistant that comes integrated in Windows 10 always listens , even responds to some voice commands when the computers are inactive and blocked.
Their way of circumventing security was to have physical access to the computer, plug into it a USB with a network adapter, and then verbally tell Cortana to run the computer’s browser and go to a web address that does not use https . A URL that, therefore, does not encrypt the traffic between the user’s computer and the website.
Once this was achieved, it was enough for the attacker’s malicious network adapter to intercept that web session to send the computer to a malicious site instead of the dictated web http. From the impersonation website the malware was downloaded, while the computer is supposedly protected by blocking. The problem would not only affect the affected team, since the same attack concept could be used to amplify it by infecting other computers that share a room or office, as well as a local network. However, Microsoft has corrected the problem.
As explained in Motherboard , half who has spoken with both specialists, the Redmond have solved the vulnerability by having Cortana go to Bing instead of a web page directly , although a URL is dictated. They took this action after being notified of the problem by Be’ery and Shulman. However, both claim that Cortana continues to respond to other commands when it is blocked and are currently experimenting to see what other possible vulnerabilities may be.