Cor­tana in­ad­ver­tently opens the door to hack­ers

“I’m sorry, Chief.”

APC Australia - - Downtown Games -

Mi­crosoft’s voice as­sis­tant, Cor­tana, re­port­edly has a se­cu­rity vul­ner­a­bil­ity that al­lows hack­ers to com­pletely by­pass the Win­dows 10 lo­gin screen. A team of Is­raeli re­searchers dis­cov­ered that Cor­tana is al­ways on (to be ready to re­spond to voice com­mands), even when the com­puter is locked, mean­ing she — and by ex­ten­sion, the com­puter — can be in­ter­acted with. The­o­ret­i­cally, this gives a hacker the op­por­tu­nity to phys­i­cally con­nect a de­vice (a USB, for in­stance) with a net­work adap­tor into the PC, then give Cor­tana the or­der to launch the browser and head to a cer­tain un­en­crypted web­site. Cor­tana will ap­par­ently com­ply. “We can at­tach the com­puter to a net­work we con­trol, and we use voice to force the locked ma­chine into in­ter­act­ing in an in­se­cure man­ner with our net­work,” one of the re­searchers ex­plained. “We still have this bad habit of in­tro­duc­ing new in­ter­faces into ma­chines with­out fully analysing the se­cu­rity im­pli­ca­tions of it,” a col­league added.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.