Locking your PC is fundamental to preventing others from accessing it when you leave it unattended. But now security researchers have shown that it is possible to use none other than Windows 10's Cortana to bypass a password-protected lock screen.
A pair of Israeli researchers found that it is possible to use voice commands to access a locked computer and install malware.
Tal Be'ery and Amichai Shulman discovered that someone with physical access to a computer could connect a USB device and use Cortana to wreak havoc. Motherboard explains that the researchers "found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected."
Check out the video below to see the "hack" in action:
News of this security hole will come as something of a surprise to many people, and it's thanks to the fact that Cortana is set to listen out for commands at all times. By disabling this setting, you can plug the vulnerability.