"Update Windows 10 NOW: Major Microsoft security flaw could let hackers use Cortana to bypass your password and access private files on your computer."
By Aaron Brown
"Security experts have warned about a major security flaw in Windows 10 that could allow hackers to bypass the password on your computer and access private files. The cyber attack leverages a vulnerability in digital assistant Cortana. The Microsoft voice assistant is built into every version of Windows 10 and is designed to schedule calendar appointments, check the weather, set reminders, send emails, and more. However, the new security flaw could enable hackers to browse files, install a virus, and even reset your password – locking you out of your own machine.
The flaw allows criminals to invoke the Cortana desktop menu from the lock screen – when the computer is supposedly secure – and use it to trawl files on the system. Security researchers were able to use the same flaw to trick the AI assistant into launching a malicious app to reset the password and gain full access to the PC. The hack was discovered by McAfee security researchers and works on laptops and desktop computers that are password protected.
The only requirement for the hack to work is for voice assistant Cortana to be enabled on the lock screen, which is the default setting when installing Windows 10. McAfee experts discovered a glitch in Windows 10 which allowed them to summon the full desktop interface for Cortana by typing any key while the voice assistant was listening to a query on the lock screen of the computer. This desktop window has a lot more functionality, since it is usually only accessible after you have logged into the computer. As a result, the desktop window includes the ability to search files and apps on the system, something that is usually blocked on the lock screen.
The McAfee researchers were able to search for files saved on the computer and read file names, details, and, in some cases, a short preview of the text stored inside the file itself – all without entering a password into the computer. Worse still, McAfee experts were able to use the flaw to summon the Cortana menu and use it to open malicious files from USB drives plugged into the computer. This was possible because of the almost-constant indexing performed by Cortana in the background of Windows 10.
This indexing process is what enables Cortana to find the files on your computer. However, it also allows hackers to find their own malicious apps stored on a USB, which was inserted into the computer after the owner had locked the system. These malicious apps can be used to change passwords, infect Windows 10 with viruses, and get unfettered access to the machine.
McAfee researchers Cedric Cochin and Steve Povolny announced the flaw in a blog post, writing: ‘Personal digital assistants such as Siri, Alexa, Google Assistant, and Cortana have become commodities in many technologically inclined houses. From telling jokes, to helping with the grocery list, to turning on the kitchen lights, these robotic voices are beginning to feel oddly more and more personal as they expand their roles in our daily lives. However, we should consider the increased risk of built-in digital personal assistants when looking at new attack vectors for laptops, tablets, and smartphones.’
McAfee recommends disabling the ability to use voice assistant Cortana from the lock screen. Microsoft fixed the flaw in Cortana as part of its latest operating system update, which started to roll out to users earlier this week. It's unlikely that most users will already have the patch installed, with business customers typically taking much longer to update their systems. This could leave a vast number of users still vulnerable to the attack worldwide.
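The mitigation McAfee recommends above is a Windows configuration change, so here is an added PowerShell example (not code from the article, from McAfee, or from Microsoft) that audits whether Cortana is allowed above the lock screen and, if it still is, enforces the policy that blocks it. It assumes the registry location used by the Group Policy setting "Allow Cortana above lock screen" (Computer Configuration > Administrative Templates > Windows Components > Search), namely the DWORD value AllowCortanaAboveLock under HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search; the article itself names no registry key, and the function names are the example's own.

```powershell
# Added example: audit and enforce "Allow Cortana above lock screen" = Disabled.
# ASSUMPTION: the registry path and value name below come from the Group Policy
# setting of the same name, not from the article. Requires an elevated session
# for the write, since the policy lives under HKLM.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$ValueName  = 'AllowCortanaAboveLock'

function Get-CortanaAboveLockState {
    # Returns 'Disabled' (value 0), 'Enabled' (non-zero) or 'NotConfigured'
    # (no policy written, which leaves the Windows 10 default: allowed).
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-CortanaAboveLock {
    # Create the policy key if it does not exist yet, then write the DWORD 0.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

# Audit first, then remediate only when the lock screen is still exposed.
$state = Get-CortanaAboveLockState
Write-Host "Cortana above lock screen policy: $state"
if ($state -ne 'Disabled') {
    Disable-CortanaAboveLock
    Write-Host "Policy applied; state is now: $(Get-CortanaAboveLockState)"
}
```

Run it in an elevated PowerShell on each machine, or push the same value through Group Policy centrally; the audit branch alone (the first function) is safe to run unprivileged for inventory, and it reports 'NotConfigured' on a default Windows 10 install, which is the exposed state the article describes. This complements, rather than replaces, installing the Microsoft update mentioned above.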
Elsewhere, McAfee says it is only scratching the surface of potential attacks that leverage digital assistants via vocal commands, with the Santa Clara-based company promising to keep digging in future. ‘The attack surface created by vocal commands and personal digital assistants requires much more investigation; we are just scratching the surface of the amount of research that should be conducted in this critical area,’ the researchers wrote.
This is not the first time Cortana has been used by hackers to gain access to Windows 10 machines. A pair of independent Israeli security researchers unearthed a flaw back in March which could be used to infect a computer with a virus. According to the researchers, the flaw could allow an attacker to plug a USB with a network adapter into a computer and command Cortana to open the web browser and navigate to a specific address, even ones that don't use https, meaning that the traffic between the user's device and the site is not encrypted. The malicious network adapter can then intercept the web sessions to send the device to a malicious website, where malware can be downloaded to the machine.
Microsoft has since fixed the issue by forcing all browsing done through Cortana to go via its own Bing search engine, ruling out the possibility of forcing the Windows 10 machine to navigate to unencrypted sites."