Cortana Assistant Security Vulnerability

In order to provide user-friendly experience, there are many technology companies who are continually introducing powerful virtual assistants that work across several devices. On the other hand, for a certain group of technology-competent individuals, these smart assistants can virtually open a gateway for the purpose of hacking. As per a recent report, 2 Israeli security researchers were able to download malware onto a locked Windows PC. This was possible on account of accessibility provided by Cortana that helped users to open websites locked on certain PCs. In other terms, Cortana gave an opportunity to hackers, and even a helping hand to them to gain access to locked websites.

Cortana, a virtual assistant, has been created for Windows 10. Most recently, it added an additional feature that can be helpful to use Cortana from the Windows 10 lock screen. This development can’t be termed as innovative, since, Google Assistant and Siri are able to do so on Windows 10 as well as Smartphones. This functionality while the screen is locked is limited in the case with Siri and Google Assistant, but Cortana is an exception.

Even if the PC is locked, the users can open websites using Cortana. The websites can be loaded, and Cortana allows for the same without making any sense or being visible in this process. The oddness of this nonsensical feature of Cortana can actually be an opportunity to gaining a wrongful access to the computer. As a result, the hackers can perform their nefarious activities on any of the computers linked to the same network.

The Israeli security researchers carried out the process by plugging in a USB using a network adapter. Subsequently, it was able to secure webpage opening requests and redirect them to a malicious site. After that, this site will automatically install malware by downloading it, thereby, providing hackers an opportunity in the form of a gateway to gaining access to the locked computer. Evidently, this kind of unauthorized access was temporary, and no physical access to that computer was involved. However, the compromised PC can be used by the hackers for several illegal means to infect other computers linked to the same network, including Cortana.

Unfortunately, Microsoft was made aware of the insecurity on account of Cortana, but their reaction is amusing. Cortana has been observed to be bypassing security passwords. As a substitute for opening a webpage directly, it will now redirect the webpage opening command to the Bing search engine. Even so, it will still respond to the website opening command, and the researchers are making an effort to discover other similar cases where Cortana can be utilized to ignore security. As a security measure, Cortana can also be set to respond only to your peculiar voice. Even, this measure has been found to be non-reliable and non-perfect.


Post a Comment