Cortana inadvertently opens the door to hackers
“I’m sorry, Chief.”
Microsoft’s voice assistant, Cortana, reportedly has a security vulnerability that allows hackers to completely bypass the Windows 10 login screen. A team of Israeli researchers discovered that Cortana is always on (to be ready to respond to voice commands), even when the computer is locked, meaning she — and by extension, the computer — can be interacted with. Theoretically, this gives a hacker the opportunity to physically connect a device (a USB, for instance) with a network adaptor into the PC, then give Cortana the order to launch the browser and head to a certain unencrypted website. Cortana will apparently comply. “We can attach the computer to a network we control, and we use voice to force the locked machine into interacting in an insecure manner with our network,” one of the researchers explained. “We still have this bad habit of introducing new interfaces into machines without fully analysing the security implications of it,” a colleague added.