Cortana allows researchers to bypass password lock with voice commands

移动互联 2018-03-07

Whether you are a user of Cortana or not, the digital assistant appears to be here to stay for the long haul. Security researchers Tal Be'ery and Amichai Shulman have found that Cortana
is able to respond to commands even when computers are sleeping or locked. This has opened up some creative avenues for malicious individuals to take advantage of.

With the help of Cortana, a web browser can be opened and instructed to navigate to an insecure website. From there, malware can be installed on the target machine and obtain full access to the computer. Meanwhile, the computer appears to remain locked despite the fact that programs are able to be executed remotely by an attacker.

One issue with nearly all voice-controlled assistants is that anyone can issue commands. Cortana actually does have a setting to "try to respond only to me," but is still not all that accurate and can pick up commands from other people. With better differentiation between user voices, this specific attack would be much more difficult to perform. An obvious solution is for Microsoft to simply disable Cortana when a user is not authenticated.

Even with perfect voice recognition, voice systems are still susceptible to ultrasonic noise. Chinese researchers developed an exploit calledDolphinAttack that uses high frequency signals to issue voice commands to digital assistants. These are completely inaudible to humans but can still be detected by standard quality microphones.

In practice, this abuse of Cortana seems as though it would require physical access, but that is not the case. An infected computer can have its volume turned up in attempt to trigger Cortana on nearby devices. This does require that speakers are present, but leads to interesting possibilities for would-be attackers, offering worm-type capabilities.

A full presentation of the findings will be presented on Friday at the Kaspersky Analyst Security Summit
.

您可能感兴趣的

The first Cortana-powered smart thermostat is now ... Earlier this year, Johnson Controls firstrevealed their first smart thermostat GLAS featuring Microsoft’s Cortana digital assistant. Today, they...
Microsoft’s Javier Soltano on Alexa, Cortana, and ... This year has brought a fair number of shakeups at some of the world’s biggest tech companies. Google’s AI chiefleft for Apple, Amazon’s AI research ...
IDG Contributor Network: Cortana: anticipating a t... This last month Microsoft, with a variety of partners, announced a series of low cost VR/MR headsets due to market largely targeting consumers ...
首款Cortana智能音箱正式开卖:1323元 微软已经上架了首款Cortana智能音箱,来自哈曼卡顿推出的Invoke,售价199.95美元(约合人民币1323元),将在10月22日开始在微软美国官方商城、百思买和哈曼卡顿官网发售。 哈曼卡顿Invoke音箱的出色表现得益于三个1.75英寸的低音扬声器和三个0.5英寸的高音扬声器,提供...
Windows 10 April 2018 Update Coming on Monday: Add... Home News Windows 10 April 2018 Update Coming...