Cortana could be Allowing Hackers into Your Network

Windows 10 users will find that the new operating system offers features meant to make their lives easier. They can get suggestions for discount coupons, open apps or do simple math, to name a few. All of this is done through its AI-powered digital assistant, Cortana. As two researchers based in Israel have noticed, the assistant can go even further. Unfortunately, it goes too far: it lets hackers in even though the computer is locked. Microsoft has already designed some solutions, but users can also take action to make sure they are protected.

Cortana's functionalities

Hackers are able to install malware on computers by redirecting them to malicious sites through Cortana. How do they do it? First, the attacker redirects a computer to a non-HTTPS website by issuing voice commands to Cortana. When the attacker attaches a USB network adapter to the computer, it diverts the traffic to the hacker's site. Once the traffic arrives there, the malware is downloaded.

Cortana is designed to listen and respond to voice commands, and a computer can still carry out such tasks while it is locked. Hackers just need to use a mouse to connect the computer to a WiFi network they select. Cortana makes it easier because it lets them go to any website with direct browsing.

Limits to hackers

Hackers do face some limits. They need physical access to the machine. For a large-scale attack, however, they only need to access the first computer. Spreading the infection requires the ARP poisoning method, which lets hackers trick the other computers on the local network into sending their traffic through the hackers' network. Because infected computers can still communicate with other computers on their local network, the infection spreads.
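A defender can spot the ARP poisoning step described above by watching a machine's ARP cache for changes. The following is an added example, not part of the original article: it parses two constructed snapshots of Windows `arp -a` output and reports IP addresses whose MAC address changed and MAC addresses claimed by more than one IP. The function names and sample addresses are assumptions made for illustration.

```python
import re

# Constructed sample of Windows `arp -a` output (not real captured data).
BASELINE = """Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.40          a4-5e-60-c1-22-10     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Constructed "after" snapshot: the gateway now resolves to the MAC of .40.
CURRENT = BASELINE.replace("00-11-22-33-44-55", "a4-5e-60-c1-22-10")

# One table row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MAC: many IPs share it legitimately
        table[ip] = mac
    return table

def find_anomalies(baseline, current):
    """Return (changed, shared) for two parsed tables."""
    # IPs that were known before and now answer from a different MAC.
    changed = {ip: (baseline[ip], mac) for ip, mac in current.items()
               if ip in baseline and baseline[ip] != mac}
    # MACs that currently claim more than one IP address.
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = find_anomalies(parse_arp(BASELINE), parse_arp(CURRENT))
    print("MAC changed:", changed)
    print("MAC shared by several IPs:", shared)
```

A shared MAC can be legitimate, for example a router that holds several addresses, so treat a hit as a lead to investigate rather than proof of poisoning.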

The solution

Although Cortana's ability to respond to voice commands while the computer is locked has not changed, Microsoft found a partial solution. All of Cortana's internet requests now have to go through Bing, so hackers can't make it go directly to their sites. If you want to protect your computer, though, you just need to disable Cortana. To do so, go to Settings in Cortana on the Windows 10 lock screen. Then turn off the setting “Use Cortana even when my device is locked”.

Using voice commands to hack computers is not a new discovery. It has already been used in the past to take advantage of the newest technologies. The Israel-based researchers pointed out that new interfaces need further analysis before they are introduced into computers. Knowing that these vulnerabilities have not been fully explored, they continue to expand their research into voice commands and beyond.