Cortana is the AI-powered digital assistant that has ane of its homes inwards Windows 10. It tin create diverse tasks such equally opening apps, doing unproblematic math, propose discount coupons, etc. But an Israel-based researcher duo, Tal Be’ery in addition to Amichai Shulman, convey discovered about other affair Cortana tin do. It tin furnish hackers a agency to hack a Windows 10 PC, fifty-fifty if it’s locked. Locking your PC is cardinal to preventing others from accessing it when y'all hold upwardly out it unattended. But this tin plough over if the PC’s OS is installed amongst default settings.
The unproblematic “hack” involves activating Cortana via vocalism ascendancy to opened upwardly websites on a PC that’s been locked. An aggressor tin number vocalism commands to Cortana in addition to redirect the estimator to a non-HTTPS website. The trace of piece of occupation is accomplished yesteryear attaching a USB network adapter to the target PC which intercepts the traffic in addition to redirects the estimator to the attacker’s malicious site to download malware.
Motherboard explains that the researchers "found that the always-listening Cortana agent responds to about vocalism commands fifty-fifty when computers are asleep in addition to locked, allowing somebody amongst physical access to plug a USB amongst a network adapter into the computer, in addition to then verbally learn Cortana to launch the computer's browser in addition to larn to a spider web address that does non role https -- that is, a spider web address that does non encrypt traffic betwixt a user's motorcar in addition to the website. The attacker's malicious network adapter in addition to then intercepts the spider web session to post the estimator to a malicious site instead, where malware downloads to the machine, all piece the estimator possessor believes his or her motorcar is protected."
The researchers’ assault method was successful because Cortana allows straight browsing to websites. The aggressor tin merely role the mouse to connect the target PC to their preferred WiFi network.
