Warning: Hackers can use Cortana to access a locked Windows 10 PC
Locking your PC is fundamental to preventing others from accessing it when you leave it unattended. But now security researchers have shown that it is possible to use none other than Windows 10's Cortana to bypass a password-protected lock screen.
A pair of Israeli researchers found that it is possible to use voice commands to access a locked computer and install malware.
Tal Be'ery and Amichai Shulman discovered that someone with physical access to a computer could connect a USB device and use Cortana to wreak havoc. Motherboard explains that the researchers "found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected."
News of this security hole will come as something of a surprise to many people. It exists because Cortana is set to listen for commands at all times, including while the computer is locked. By disabling this setting, you can plug the vulnerability:
- Open Settings and head to Cortana
- Under the Lock Screen heading, toggle the Use Cortana even when my device is locked switch to the Off position
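
On managed machines the same setting can be checked and enforced by script instead of by hand. The PowerShell below is an added example, not part of the original article; it assumes the machine-wide Group Policy registry value `AllowCortanaAboveLock` (0 = not allowed) under the Windows Search policy key, and it must run from an elevated prompt to write the value.

```powershell
# Added example: audit and enforce "no Cortana on the lock screen".
# Assumption: the policy is stored as the DWORD AllowCortanaAboveLock
# under the Windows Search policy key (0 = Cortana blocked above lock).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$PolicyName = 'AllowCortanaAboveLock'

function Get-CortanaAboveLockState {
    # 'Disabled'      : policy blocks Cortana on the lock screen
    # 'Enabled'       : policy explicitly allows it
    # 'NotConfigured' : no policy set, so the user's own toggle decides
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$PolicyName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-CortanaAboveLock {
    # Create the policy key if it is missing, then write the blocking value.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

# Record the state found, fix it if needed, and report both for the audit log.
$before = Get-CortanaAboveLockState
if ($before -ne 'Disabled') { Disable-CortanaAboveLock }

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Before   = $before
    After    = Get-CortanaAboveLockState
}
```

A `Before` value of `NotConfigured` or `Enabled` identifies machines that were relying on each user having switched the toggle off.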