Even locked, a computer running Windows 10 and therefore equipped with Cortana could execute voice commands. A potential door open to hackers according to a duo of security researchers, which was quickly closed by Microsoft.

Locking your computer is the best way to prevent someone from accessing it without your knowledge, like a joking colleague who would take advantage of your absence during a lunch break to write a lot of junk on your page Facebook or Twitter. The concerned will recognize themselves. In any case, this relative protection has been undermined by two Israeli security researchers. It must be said that they were able to count on an assistant of choice: the Cortana voice assistant.

IA as treason in the air

Before presenting the results of their research at the Kaspersky Analyst Summit 2018 conference on March 9, Tal Be’ery and Amichai Shulman detailed their action on the Motherboard site . They discovered that even when locked, a computer running Windows 10 listened to a user’s voice commands, and could execute some, such as opening a web page. A task that seems innocuous, but can be very useful to a malicious person.

It is enough for a hacker to connect the locked computer to a Wi-Fi network that he has control, a possible action from the lock screen, then order Cortana to open a Web page in HTTP, which will be intercepted. From there, the browser will be directed to a trapped site, which will infect the computer with malware or spyware.

The two researchers applied an ARP poisoning attack, which consists in recovering the IP address of a terminal, in order to pretend to be a virus and spreading it in all the machines connected to a local network. In one video, we can see that Cortana queries have been changed to direct an infected computer to a malicious site.

 

The hacker can also use the speakers of a hacked computer to launch a voice command to other machines equipped with Cortana, just to repeat the initial attack. For its part, Microsoft has indicated that Cortana could no longer open a web page when a computer was locked.