Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) team, can be easily compromised, which is why the team has submitted a vulnerability to Microsoft which involves the default settings for Windows 10 and the Cortana voice assistant. The vulnerability can be used to do things such as retrieve information from Cortana, start an application from the Windows lock screen, and even log into a Windows 10 device without a user interacting with the computer.
To understand how someone can take advantage of this vulnerability, imagine you are sitting at your favorite coffee shop and need to use the restroom. As a security-minded individual, you lock your computer’s screen thinking that would keep bad people from accessing your information. With this vulnerability, all someone would have to do is say, “Hey Cortana,” then follow a few simple steps to gain access to the treasure trove of information, no reboot required.