Israeli security experts discovered a method to bypass the Lock Screen menu and user password used to protect Windows 10 computers and install malware apps using voice commands, with the help of the Cortana personal assistant.
Even when Windows 10 computers require a password and they have the Lock Screen activated, the voice assistance service is still active and can respond to certain voice commands. In newer generation devices, Cortana can also be activated in the Sleep mode. This behavior is intentional, Cortana’s role being to reply to users in any moment. But the freedom Cortana enjoys can have unexpected effects is Cortana follows instructions that are not compatible with the privileges of a restricted user.
With physical access to the device, an attacker must first connect a USB stick with the malware app Cortana has to install. If needed, the attacker can use Cortana to connect to a different Wi-Fi network. With the help of voice commands an attacker can start a web browser and access an insecure website in order to download and install infected apps, without having to enter the password and going past the Lock Screen.
By also using a Wi-Fi network controlled by the attacker, it is also possible to launch phishing attacks by directing HTTP connections to duplicate versions of legitimate websites, this getting access to credit card information, passwords, banking details and other sensitive information.
The good news is that Microsoft has already fixed these problems and the updated version of the Cortana personal assistant fixes some issues. Still, Cortana still replies to voice commands given in Lock Screen and it remains to be seen if where aren’t any other ways to get access to Windows 10 computers.