If you felt your password was enough to protect your computer, it is time to change your mind. Two researchers from Israel, Tal Be’ery and Amichai Shulman, have found a way to unlock Windows and install malware by using Cortana.
Cortana, a voice command agent that you could call the ‘Siri of Microsoft’, comes preinstalled on Windows 10. When it launched Cortana, Microsoft was very enthusiastic about the software's usage and progress. While celebrating Cortana's success, however, Microsoft overlooked its security aspect.
Highly confident about the success of Cortana, Microsoft did not consider that Cortana could bypass the mobile lock or desktop password and launch straight into a searched term. The two Israel-based researchers not only compromised the password but also installed malware on the laptop.
They say that anybody who has physical access to the hardware can unlock the machine even when it is password protected. By inserting a USB adapter and giving Cortana certain voice instructions, one can open a web page. The web page is not protected by HTTPS and redirects to a non-encrypted website.
This leaves the network open for attackers to intercept the session and divert the system to a malicious website, from which malware can be installed on the system automatically.
Tal Be’ery, one of the two researchers, adds, “We still have this bad habit of introducing new interfaces into machines without fully analyzing the security implications of it.” He adds, “Every new machine interface that we introduce creates new types of vehicles to carry an attack vector into your computer.”
Although at this point the security problem is of the physical type, it can later affect the whole network. In this way, attackers can take complete control of the entire network using the same voice commands on Cortana.
Microsoft, for its part, has understood the magnitude of the problem, its implications, and the possible future damage. To address the issue immediately, Microsoft redirected the browser to Bing upon unlocking by Cortana to avoid any network loopholes.
However, those who tested Microsoft's new measures are not yet satisfied with Cortana's security. According to the researchers, there is more than one voice command, and there could be another set of voice commands that may help Cortana bypass the security net on mobile as well as on a laptop.
Researchers are said to be exploring more ways in which Cortana can be manipulated using voice commands. Microsoft, meanwhile, really needs to think about making Cortana's security impenetrable and its features robust.
For Microsoft, the remedy cannot end at Cortana; it must address the same security issues in all upcoming software products as well if Microsoft wishes to stay ahead of its competitors.