Researchers bypass Windows Login Screen using Cortana; Microsoft fixes the vulnerability

The password has always been the first line of defence when it comes to protecting our computers, smartphones and other electronic devices. While newer laptops offer authentication features such as fingerprint sensors and Windows Hello, the password is still used by a majority of users. I personally prefer locking my Windows PC even when I am away for a tea break. With the password in place, we rest assured that our data will remain safe from prying eyes, or so we think.

Two independent Israeli researchers have unearthed a new way to bypass the lock protection on Windows machines and install malware. All of this is carried out by using voice commands with Cortana, the virtual assistant that is designed to make our lives easier.

Tal Be’ery and Amichai Shulman found a way to exploit the always-listening Cortana agent, which responds to voice commands even when the computer is locked. This essentially allows anyone with access to the machine to plug in a USB network adapter and verbally instruct Cortana to open the web browser. In the next step, the malicious network adapter intercepts the web session and redirects the browser to a malicious site.

This is what Shulman had to say, “We can attach the computer to a network we control, and we use voice to force the locked machine into interacting in an insecure manner with our network.”

Moreover, attackers can also connect the targeted computer to a WiFi network and control the machine remotely. This is perhaps a side effect of simplifying things with Cortana for the benefit of users. The researchers also point out that this could very well serve as the jumping-off point for infecting other PCs. This technique is generally referred to as ARP poisoning.

Thankfully, Microsoft has already fixed the issue by forcing all browsing done through Cortana to go to its Bing search instead of opening the web page directly. That said, the researchers believe that other Cortana commands can be exploited in a similar manner and are analysing them.


Mahit Huilgol has been using Windows on PC and Mobile for a long time. He has been following Microsoft developments from close quarters and loves writing about them.

One Comment

  1. Is it kinda stupid or what? He said, hey cortana, open the and then entered the password to login to the computer. What’s the flaw in it? I don’t find any vulnerability in it. ?
    You might think that people could install malicious scripts by uploading the malware to their own site and asking cortana to open it through lock screen, don’t you think windows defender won’t let you open that malicious page?
