One of the most basic security measures in Windows 10, which prevents others from accessing your system, is the password lock. The password lock not only prevents others from accessing your system, but also protects it from malware that can be injected using a USB stick. However, two independent Israeli researchers have found a way to bypass the password lock using Cortana voice commands.
Tal Be’ery and Amichai Shulman discovered that the always-listening feature in Cortana responds to a few voice commands even when the system is locked. This allows someone with physical access to plug in a USB with a network adapter and instruct Cortana to launch the browser to access a website that doesn’t use https. The network adapter can then intercept the web session to redirect the system to a malicious website and download malware directly into the machine.
Motherboard quotes Shulman as saying:
“We start with proximity because it gives us the initial foothold in [a] network…We can attach the computer to a network we control, and we use voice to force the locked machine into interacting in an insecure manner with our network…One of the things we saw was that even when a machine is locked, you can choose the network to which the machine is attached.”
The attack designed by the researchers worked only because Cortana allowed them to browse websites even when the system was locked. Using the method, the researchers were able to download malware into a machine and then infect every machine on the network.
In order to prevent attackers from exploiting the vulnerability, the researchers disclosed it to Microsoft and the company has since fixed the problem. Now, all the web browsing done through Cortana on a locked system is redirected to the Bing app instead of going directly to a web page. However, your PC is still at risk if you are using an outdated or pirated version of Windows 10 with the older version of Cortana.