Researchers have shown a simple method which could turn out to be a physical type of security risk for victims, using Cortana.
Just like Siri, Cortana is enabled by default on all Windows 10 devices and the assistant works even during the lock screen being active. So this basically means that even if you have not logged in Windows, you can use Cortana to ask questions whether by voice or by typing them. To browse and find answers for your questions, Cortana reportedly uses Microsoft Edge Browser and Internet Explorer 11.
Researchers at McAfee have performed a test to see how an attacker could potentially abuse this fact only to realize that they were able t exploit the virutal asistant to gain control over the device.
How Can Cortana be Abused
McAfee have researched thoroughly how a hacker could effectively compromise Cortana in order to gain control of data on the machine and hence run malicious code on the victim PC which may even change your login password. Depending on how you do it, Cortana can respond with more actions, like display search results or web links that lead to different types of trusted websites. If there is an official site that can answer your question, cortana may show you results from it. The bad news here is that Cortana may also show results listed on Wikipedia. Since Wikipedia can be edited by anyone, some specific attackers can use it to answer a very specific Wikipeida question and add a web link which Cortana will assume is trusted.
Researchers Cedric Cochin and Steve Povolni had the following comment on their report:
It is surprising that links are offered and clickable when the device is locked. If you start your favorite network sniffer or man-in-the-middle proxy, you will see that the links are visited as soon as the user clicks on them, irrespective of the device’s locked status.
This means we can force navigation to a website (though not yet the one we want) when the device is locked. However, we have seen that Cortana can be picky in how she offers results. Bing must already know these results, and most links are known trusted sites.
This type of abusing can lead to different types of unsafe accounts, the main idea behind which may be to infect the computer with different malware, that may damage or unlock it.
Being easy to say than do, Wikipedia is very good at checking it’s web links, but attackers can use web pages, whose domains have already expired to purchase the domain name and use the URL to lead to a malicious site.
Once this domain is taken over, the URLs that may lead to Wikipedia may contain an exploit which can trigger infections of all types. McAfee researchers have detected those free URLs with no content to be from a very high number, since Wikipedia has a lot of content.
Contana Even Allows Web Browsing
In addition to this, researchers have also established that Crotana can also be misguided into allowing the user to direclty browse the internet by using specific Cortana skills and commands that allow link hopping and this can even result in gaining access to social media sites and other third-party services and places on the web.
The digital assistant of Microsoft can also be used to even log in to social media sites, from the likes of Facebook, Twitter and other sites and among their reccomendations is to avoid using Edge and Internet Explorer for Facebook login.
This is not the first scandal revolving around Cortana as researchers have reported the assistant to collect a lot of sensitive information:
The good news is that these attack methods are not likely to become massive or popular, but they are not to be disregarded, primarily because of the fact that with careful trickery, this vulnerability could be used to spread massive malware, like worms or other forms of viruses as long as hackers have physical access.