Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Researchers Bypassed Windows Password Locks With Cortana Voice Commands

  • Please log in to reply
No replies to this topic

#1 JohnC_21


  • Members
  • 24,829 posts
  • Gender:Male
  • Local time:05:44 PM

Posted 09 March 2018 - 03:12 PM

One of the most basic steps a computer user can take to secure their system against someone with physical access to it is to configure it to password-lock after an interval of inactivity. This prevents nosy office colleagues and Starbucks patrons from peering at your screen when you step away, and also helps protect against most "evil maid" attacks—where a malicious hotel worker, airport security agent, or someone else with brief access to your machine plugs a malicious USB stick into it to implant spyware.

But two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana, the multi-language, voice-commanded virtual assistant that comes embedded in Windows 10 desktop and mobile operating systems.


The attack Be'ery and Shulman designed works because Cortana allowed direct browsing to web sites, even when a machine was locked—or at least it did until Microsoft fixed the problem after the researchers disclosed it to the company.


Edited by JohnC_21, 09 March 2018 - 03:19 PM.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users