Be Informed And Earn: Hackers Can Exploit Microsoft Cortana to Have Access Into A Locked Computer

Wednesday, March 7, 2018


Microsoft Windows isn't the best-secured OS for computers, but if you follow these guidelines by Microsoft, you'll stand a higher chance of having a secure Windows PC. However, recent developments show that hackers have found a way to exploit Cortana, Microsoft's AI-powered digital assistant in Windows 10, to gain access to a Windows computer even if it is locked.

This flaw was brought to light by an Israel-based researcher duo, Tal Be’ery and Amichai Shulman. They discovered that Microsoft Cortana, besides being used for things like opening apps, doing simple math, and suggesting discount coupons, can also give hackers a way into a Windows 10 PC, even if it’s locked.

Because Cortana uses voice commands, the hacker can issue voice commands to Cortana and redirect the computer to a non-HTTPS website. The task is accomplished by attaching a USB network adapter to the target PC, which intercepts the traffic and redirects the computer to the attacker’s malicious site to download malware. All this is possible because Cortana is programmed to do just two things, listen and execute commands, even when the computer is locked.

It was also discovered by Tal Be’ery and Amichai Shulman that an attacker can simply use the mouse to connect the target PC (the computer that is being hacked) to any WiFi network of their choice.

The damage could have been massive if not for one huge limitation: the attacker must have physical access to the target PC to initiate the first phase of the hack. After the first phase is completed, everything else can be done remotely.

As with other cyber attacks that start with one PC and spread to the machines connected to the same network, the method of infecting other computers on the same network with this new Cortana flaw is the same.

An infected PC communicates with other (uninfected) machines on the local network and infects them with the help of a technique called ARP poisoning, which tricks the machines on the local network into routing their traffic through the attacker’s network.

To mitigate the issue before a patch is released, Microsoft, once notified of the issue, now makes all of Cortana’s internet requests pass through Bing. For now, Cortana’s ability to respond while a PC is locked remains unchanged, but I sincerely hope it'll be fixed ASAP.

In case you still have concerns, you can set your Windows 10 PC's Cortana to become inactive while your PC is locked by visiting Settings > Cortana and turning off the radio button that says “Use Cortana even when my device is locked.”
