Hey Cortana! Install Malware. Infect this Computer.

There are some possible downsides to personal virtual assistants.

What if an attacker could use Cortana or Alexa to infect your computer?

As these assistants become more widespread, the likelihood of an attack goes up.

Screen locks do work.  Sort of.  They tend to stop nosy cube-mates and possibly evil maids, but beyond that, they are marginal.

Two Israeli researchers have figured out a way to get Microsoft’s Cortana to do their dirty work.

But the fact that they did it with Cortana is, I think, only a matter of opportunity.

They used Cortana to exploit a well known Windows “feature”.

Could they use Google Assistant to exploit an Android feature or Siri to exploit an Apple feature.  This just proves it can be done.

We saw this last year when a neighbor used Siri to unlock the house next door.  Siri was listening and more than happy to trigger the smart lock to open the door.

In this case they used the Windows “Feature” that when Windows sees a new network adapter, whether the system is locked or not, it installs the drivers.  The researchers plugged in a device that was designed to look like a USB network adapter.  After the system installed the network drivers (which, in reality, was enough to compromise the PC), they told Cortana to open a web browser and go to a malicious web site where it downloaded and installed malware.

Apparently, you can tell Cortana to only respond to your voice, but you have to train it to do that, so most people don’t do that.

Absent that, for some strange reason, the assistant will respond to voice commands, even if the computer is locked.  That makes absolutely no sense to me.  Locked SHOULD mean locked.

Microsoft changed that feature after the researchers explained what they did.

You say that the attack is not very subtle because someone nearby would hear the attacker issue the commands.

All of the assistants respond to high frequency sounds – high enough that the people nearby couldn’t hear, but the computer microphone would pick up the sound.  This is also a known feature called a Dolphin Attack and has been known for years.

The attack also works by playing an audio file over the computer’s speakers.

Microsoft’s so called fix was to direct all browsing requests through Bing, but they still process commands on locked computers, meaning that the computers are still susceptible to a different attack.  As I said – my opinion – locked should be locked.  Period.

This is likely to get worse before it gets better.

Information for this post came from Motherboard.


Leave a Reply

Your email address will not be published.