Whether you are a user of Cortana or not, the digital assistant appears to be here to stay for the long haul. Security researchers Tal Be’ery and Amichai Shulman have found that Cortana is able to respond to commands even when computers are sleeping or locked. This has opened up some creative avenues for malicious individuals to take advantage of.
With the help of Cortana, a web browser can be opened and instructed to navigate to an insecure website. From there, malware can be installed on the target machine and obtain full access to the computer. Meanwhile, the computer appears to remain locked despite the fact that programs are able to be executed remotely by an attacker.
One issue with nearly all voice-controlled assistants is that anyone can issue commands. Cortana actually does have a setting to “try to respond only to me,” but is still not all that accurate and can pick up commands from other people. With better differentiation between user voices, this specific attack would be much more difficult to perform. An obvious solution is for Microsoft to simply disable Cortana when a user is not authenticated.
Even with perfect voice recognition, voice systems are still susceptible to ultrasonic noise. Chinese researchers developed an exploit called DolphinAttack that uses high frequency signals to issue voice commands to digital assistants. These are completely inaudible to humans but can still be detected by standard quality microphones.
In practice, this abuse of Cortana seems as though it would require physical access, but that is not the case. An infected computer can have its volume turned up in attempt to trigger Cortana on nearby devices. This does require that speakers are present, but leads to interesting possibilities for would-be attackers, offering worm-type capabilities.
A full presentation of the findings will be presented on Friday at the Kaspersky Analyst Security Summit.