Researchers have announced they will demonstrate how they are able to bypass the password-protected Windows 10 lock screen and then install malware from a website, through Microsoft’s digital assistant, Cortana. The demonstration will take place during Kaspersky’s Security Analyst Summit that will be held from 7th till 11th March in Cancun, Mexico.
Even when the Windows 10 system is locked and in sleep mode, Cortana still listens for specific voice commands, Israeli security researchers Tal Be’ery and Amichai Shulman found. An attacker with physical access to a locked Windows 10 computer could insert a malcious USB network adapter to the system, connect it to a Wifi network (that is under his control), and then use Cortana to start the browser and visit a non-HTTPS website. It’s possible to change Wifi networks, even when the system is locked, the researchers found.
Using the network adapter it’s then possible to intercept the HTTP request and to sent the browser to a malcious website instead. From the malcious website, malware is downloaded and installed on the system. After the researchers warned Microsoft, the software giant solved the issued by forcing all browsing done through Cortana and a locked machine to go to its Bing search engine instead of directly to a web page.
Unfortunately for Microsoft, Cortana still responds to other commands when locked, and the researchers are currently trying to find out what else they might get Cortana to do in a locked state.