Cortana is the AI-powered digital assistant that has one of its homes in Windows 10. It can do various tasks such as opening apps, doing simple math, suggesting discount coupons, etc. But an Israel-based researcher duo, Tal Be’ery and Amichai Shulman, have discovered another thing Cortana can do: it can give attackers a way to hack a Windows 10 PC, even if it’s locked. Locking your PC is fundamental to preventing others from accessing it when you leave it unattended, but the attack still works if the PC’s OS is installed with default settings.
The simple “hack” involves activating Cortana via voice command to open websites on a PC that’s been locked. An attacker can issue voice commands to Cortana and direct the computer to a non-HTTPS website. This is accomplished by attaching a USB network adapter to the target PC; the adapter intercepts the traffic and redirects the computer to the attacker’s malicious site to download malware.
Motherboard explains that the researchers "found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected."
The researchers’ attack method was successful because Cortana allows direct browsing to websites. The attacker can simply use the mouse to connect the target PC to their preferred WiFi network.