Cortana bypassed passwords to browse sites on locked PCs

By JC Torres/March 6, 2018 9:51 pm EST

AI-powered smart assistants have become the newest weapons tech companies have in the market. For some people, they are life-changing and habit-forming. For others, they are mere curiosities. But for a certain group of tech-savvy users, they are opportunities to hack into devices. Two Israeli security researchers have come across a way to download malware onto a Windows PC, even when it's locked. All because Cortana might have been too helpful to give users, whether its own or others, a helping hand.

It was only recently that Microsoft added the ability to use Cortana from the Windows 10 lock screen. That in itself isn't exactly revolutionary, as others like Siri or Google Assistant are able to do so as well on smartphones. Normally, you'd expect that functionality would be limited while the screen is locked, which is exactly the case with Google Assistant and Siri. Not for Cortana in this specific case.

Users can tell Cortana to go to a website even when the computer is locked. Cortana then dutifully loads the website, even when it doesn't make sense because it won't be visible anyway. But more than just a nonsensical oddity, it can actually be a gateway to gaining unauthorized access to the computer and, consequently, any other computer connected to the same network.

The researchers plugged in a USB with a network adapter that will capture web requests and redirect them to a malicious site. That site will then automatically download and install malware that will then provide hackers access to the computer. Of course, it does require them to have physical access to that PC, but only temporarily. And once that PC has been compromised, they can use a variety of tactics to infect other computers sitting on the same network, sometimes through Cortana as well.

Microsoft was already made aware of the vulnerability and its response is amusing, to say the least. Instead of opening the web page directly, Cortana will now redirect the command to Bing search. It will, however, still respond to the command and the researchers are trying to find other such cases where Cortana can be used to bypass security. Alternatively, you can also set Cortana to respond only to your voice and not others', but that has also been proven not to be so foolproof as well.