Critical flaw in Cortana allowed access to sensitive files in locked devices


A critical security vulnerability in Cortana allowed anyone with physical access to a computer to access data stored on the computer, to execute malicious code, and to retrieve confidential information straight from the lock screen.

Patched by Microsoft earlier this week, the vulnerability allowed users to interact with Cortana even when a computer was in locked mode, thereby allowing even strangers to use various voice commands to explore data stored in the system.

Third party access to locked devices

The vulnerability was uncovered by Cedric Cochin, Senior Principal Engineer at McAfee, who noted in a blog post that a user could not only search for data stored inside a computer, but could also create a contextual menu displayed on a locked Windows 10 device.

According to Cochin, when a user poses a question to Cortana, even while the device is locked, Cortana brings up results from indexed files and applications, and for some applications the content of the file is also indexed. On Windows 10 devices, the entire user folder structure is indexed, which includes the default location for most documents as well as mappings such as OneDrive, so a user can view not only the full path of a file, but also its contents.

“Armed with this knowledge, you can use your imagination to come up with specific keywords that could be used to start harvesting confidential information from the locked device,” he added.

“We’re seeing yet another reminder of the potential security and privacy risks of our technology-driven and always-connected world. This instance reminds me of the previous Siri hack allowing attackers to unlock an iPhone by activating a task on the device,” said Larry Trowell, associate principal consultant at Synopsys.

“In the case of Cortana, the CVE allows users to access the search feature of the operating system. The smart assistant is pretty much just the vector by which to access the search feature. These assistants are given the same (and in some cases more) access to the system as users. The use of this feature by users and attackers while the system is locked hasn’t been completely thought through, as we can easily see from the Cortana situation.

“While a fix for the vulnerability has been issued, there are still other areas in which these assistants can be used to carry out an attack. For example, I see no reason why the dolphin attacks (that came to light last year) triggering cell phone smart assistants to call numbers and launch apps couldn’t be modified to attack a distracted user. The software is neat, interesting, and fun to use. It also opens up a lot of areas that possibly haven’t been thought through properly,” he added.

Lane Thames, senior security researcher at Tripwire, said that from an application perspective, the exposure is huge compared to a traditional application such as email or web browsing, and this is due to the “smart assistance” provided by this technology.

“Almost by definition, an assistant has to perform all kinds of functionality, even functionality that we haven’t implemented yet. All of these assistant technologies such as Cortana, Alexa, and Google Home, generally speaking, have very limited “smartness” local to the device. Instead, the smartness comes from the service’s backend cloud that uses technologies such as Big Data, Artificial Intelligence, Machine Learning, massive search databases, etc. This is where the functionality of the assistant comes from,” he added.

Copyright Lyonsdown Limited 2021
