At the Black Hat conference in Las Vegas this week, security researchers Amichai Shulman and Tal Be’ery from Kzen Networks revealed that Cortana vulnerabilities could be used to bypass the security of Windows 10 systems. It is worth noting that the vulnerability was fixed in June this year.
Although the vulnerability has been fixed, the researchers still believe that Microsoft’s decision to let users interact with Cortana while the device is locked is a dangerous one. The researchers said that the vulnerability they demonstrated is a very high-risk one: with it, an attacker can take over the device directly from the lock screen.
Image: Microsoft product screenshot, used with permission from Microsoft.
An attacker can even execute a PowerShell script without logging in, so there is no need for the attacker to obtain the user's password. In some cases, the attacker can also escalate directly to administrator rights through Cortana, that is, obtain administrator rights without logging in and execute any application.
After taking over the device, the attacker can execute arbitrary code, view local content such as sensitive files and images, or load new malicious programs directly from the network.
The vulnerability does not involve any external code or system calls, so antivirus software cannot detect such attacks. In addition to the vulnerability above, the researchers also revealed a Cortana voice command vulnerability, which takes over a locked device by combining voice commands with cyber fraud.
In this case, the attacker can keep sending a malicious payload to the user's device, rendering it inoperable, and then deceive the user by phone.
Therefore, for security reasons, users should check for the latest updates through Windows Update as soon as possible to make sure the system is up to date. The number of potential threats is why the researchers believe that Microsoft’s voice interaction is too dangerous in the lock screen state.
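
For administrators who want to act on both points above (patch level and Cortana on the lock screen), the following PowerShell sketch is an added example, not code from the researchers or from Microsoft. It assumes the `AllowCortanaAboveLock` policy value that backs the Windows Group Policy setting "Allow Cortana above lock screen"; the article itself does not name that setting.

```powershell
# Added example: audit (and optionally disable) Cortana above the lock screen.
# Assumption: the machine-wide policy value behind the Group Policy setting
# "Allow Cortana above lock screen" (Windows Components > Search).
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$PolicyName = 'AllowCortanaAboveLock'

function Get-CortanaAboveLockState {
    # 'Disabled'      -> policy value is 0, Cortana needs an unlocked session
    # 'Enabled'       -> policy value is non-zero
    # 'NotConfigured' -> value absent; Windows treats this as allowed
    $item = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$PolicyName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-CortanaAboveLock {
    # Needs an elevated session because it writes under HKLM.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $PolicyName -Value 0 `
        -PropertyType DWord -Force | Out-Null
}

# Report the lock-screen policy state.
"Cortana above lock screen: $(Get-CortanaAboveLockState)"

# List the most recently installed updates so the patch level can be compared
# with the latest cumulative update offered by Windows Update.
Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn

# Uncomment to enforce the policy on this machine:
# Disable-CortanaAboveLock
```

In a domain, the same setting is better deployed through Group Policy than by writing the registry value on each machine.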