Slashdot Mirror


Researchers Bypassed Windows Password Locks With Cortana Voice Commands (vice.com)

Two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana, the multi-language, voice-commanded virtual assistant that comes embedded in Windows 10 desktop and mobile operating systems. From a report: Tal Be'ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected.

11 of 90 comments

  1. Physical access by Gavagai80 · Score: 4, Informative

    Since this requires physical access, I propose an alternate method: unscrew the laptop and put whatever devices you want inside.

    --
    This space intentionally left blank
    1. Re:Physical access by Anonymous Coward · Score: 2, Funny

      The manufacturers have already done that!

    2. Re:Physical access by Khyber · Score: 2

      "Yeah indeed, let's complain about the people who open devices for a living"

      No, they make videos for a living. I open devices for a living, far more than they have ever done. Hundreds of thousands in repair depots around the country.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    3. Re: Physical access by Monster_user · Score: 2

      The USB was not required. It was merely a VERY effective means of exploiting this weakness.

      The USB allowed a direct Man in the Middle attack, which is why it doesn't work for HTTPS sites. A highly coordinated effort does not require physical access to the machine itself, only a weak link in key infrastructure and audible proximity to the device in question.

      The USB adapter serves the same purpose as a poisoned DNS cache or routing table.

      The USB device did not install software, Cortana did, as she was instructed to do so.

  2. Nope by h8sg8s · Score: 2

    Just another reason to not use Cortana or any of the other voice-activated appliances from Amazon, Apple, Google, etc.

    --
    Organization? You must be joking..
  3. History repeats by lucasnate1 · Score: 4, Interesting

    In the past, you could hack into old Windows machines by pressing F1 at the password prompt. If the help file was missing, it would ask you to browse and find it, which would allow you to right-click on executables and run them. Nice to see that some things never change.

    1. Re:History repeats by thegarbz · Score: 4, Interesting

      You didn't even need a missing help file. If you could open the help bubble you could right-click and click print. Then from the print dialogue you could open a proper Windows help screen. From there if you opened the index search and opened a different help topic you'd get a full Windows help screen with menubar. Then just click file, open, navigate to the Windows folder, right-click on explorer.exe and run it.

  4. Easily fixed by Anonymous Coward · Score: 2, Informative

    It is a relatively simple matter to configure Cortana to ignore commands when the voiceprint of the issuer is not the owner of a machine account. Simply enabling this option would prevent this type of attack.

  5. Physical access by chaotixx · Score: 4, Informative

    If a determined attacker has physical access to your machine you've lost via any number of methods.

  6. Marketing over security by swb · Score: 4, Insightful

    Wow, what a fail by Microsoft. It should be beyond obvious to anyone with a pulse that not providing a way to completely disable Cortana opens computers up to an entire Pandora's box of security vulnerabilities.

    It's totally obvious Microsoft is just jamming this down everyone's throat, especially business users, because they know they can get big (and mostly bullshit) "adoption" numbers and operational data for Cortana.

    Of course the larger problem is nobody wants Microsoft's bullshit attempts to re-invent themselves as Google, Amazon/Alexa or Apple/Siri. So they will cram it down everyone's throats and get some minor level of usage just because it's there even though it aggravates most everyone else.

  7. What does the network adapter have to do with it? by Anonymous Coward · Score: 2, Interesting

    I don't get it. The attack as described involves plugging in a compromised network adapter so that you can tell Cortana to go to an insecure website, and instead direct the machine to a different site that serves malware. Why not skip the network adapter, and just tell Cortana to go straight to a malware site instead?