How Cortana Helps the Bad Guys Hack Your PC

LAS VEGAS — At least five major security flaws involving Microsoft's Cortana personal-assistant software have been discovered in the past few months, Israeli security researchers told the Black Hat security conference here Wednesday (Aug. 8). Only three of the flaws have been fixed, although Microsoft is working to patch the others.

The researchers showed how by using Cortana voice commands, they could run installed software, navigate to malicious websites, open malicious Word documents and read sensitive files — all without typing in a password or getting past the Windows lockscreen. Even worse, Microsoft lets third parties add new "skills," or functions, to Cortana in the form of plugins to Cortana's cloud services.

"What can possibly go wrong?" asked lead researcher Amichai Shulman. It turns out a lot can, unless you go into Cortana's settings and make sure it's not usable with the lock screen on.

MORE: How to Add or Remove Cortana from the Windows 10 Lock Screen

"Cortana is not just the voice interface into my laptop," Shulman explained. "It's really an intent resolution system — it translates human intent into computer actions."

Cortana in fact has multiple inputs: voice, of course, but also mouse movements and clicks, keyboard actions and touchscreen actions. The key to these attacks is that invoking Cortana with a voice command unlocks the other input methods, even if the lock screen is still on.

Cortana-assisted keyboard attacks

If Cortana is in active mode, the user, or whoever happens to have access to the locked computer at that moment, will be able to type things into the machine using the keyboard, as long as the typing is restricted to helping Cortana find something. All you need to do is say, "Hey, Cortana," first. The researchers called this the "Open Sesame" attack.

The researchers showed a demonstration video in which a user invoked Cortana, then used the keyboard to have Cortana navigate the Windows file system until it found and played a chiptune version of the Imperial Death March theme from "Star Wars."

"In this case it was a song, but it can be malware or anything you want," said Ron Marcovich, a software-engineering student at Technion Israel Institute of Technology, who along with fellow student Yuval Ron helped Shulman and security veteran Tal Be'ery with the research.

Another demo showed a user using Cortana to run commands in Windows PowerShell — one of the most powerful administrative utilities — from the lockscreen.

You can't actually open files from the lockscreen using Cortana, but you can do the next best thing: You can preview them. Cortana will show you thumbnails of not only photos on the filesystem, but also text files — including, as another demo showed, the first three lines of passwords in a text file named "Passwords."

You may think this isn't a big deal, because the attacker would need access to the machine. But there are many scenarios in which the user of a machine locks the screen and walks away, mistakenly believing the machine to be secure. The best-known scenario is the classic "Evil Maid" attack mounted by a malicious hotel staffer.

"By abusing Open Sesame, an Evil Maid attacker can gain full control over a locked machine," said Be'ery. "Attackers have physical access for a limited time, but it can just as easily be Evil Office Cleaner, Evil Co-Worker or Evil Border Control Agent."

The fix, Be'ery explained, was to make Cortana behave differently when the screen was locked. Microsoft pushed out that patch with the June 2018 round of monthly updates. But since then, the researchers have found another Cortana-assisted keyboard-based lockscreen bypass, which they won't detail until Microsoft fixes it.

Cortana voice attacks

But you don't need to type in anything to have Cortana betray the computer's security. You can simply use a voice command to have it navigate the web browser to a malicious website, which then will infect the machine with malware. Once again, the lock screen stays locked, and the computer's user may be nowhere nearby. The researchers called the "Voice of Esau" attack.

In a demonstration video clip, a user says, "Hey, Cortana, go to" The researchers had already compromised the local network somehow so that the system's default browser — with the lock screen on — navigates to a fake BBC website that could have loaded malware onto the machine.

The attacker wouldn't need to have compromised the local network for this attack to be effective. He or she could simply have commanded Cortana to navigate to a web page the attacker knew to be malicious. If the page was new enough, it might not have been added to the lists of known malicious URLs that modern browsers use to block dangerous sites.

Microsoft has fixed this attack as well, in this case by having Cortana use Bing to look up a website invoked in a voice command and present the user with a list of possible links, instead of going directly to the site. This way, fake and malicious websites will be more easily screened out.

However, as with the Open Sesame attack, at least one other variant on the Voice of Esau attack has been reported to Microsoft, which is working on fixes.

Malicious Cortana plugins

All of these fixes are moot if you can get Cortana to run your own malicious code, even when the computer screen is locked. And because Cortana's cloud services — where all the real Cortana action happens — accept "skills," i.e. plugins or scripts, from third parties, you definitely can.

"There's a way to instruct the client machine to invoke a browser process to navigate to a URL chosen by the third-party skill," Shulman said. "The URL could deliver a browser exploit to take over the machine."

In fact, you wouldn't even need a browser exploit, he added.

"You can invoke any of the Microsoft Office applications using a special URL," Shulman said. "We made a URL open a Word document and then sent malicious Word exploits."

Shulman played a demonstration clip in which lo and behold, once the user typed in the correct password and the screen unlocked, a Word document was on the screen.

"We almost had a full attack," Shulman said. "I say 'almost' because the user has to give consent.

"But it turns out you can give consent from a locked screen," he added. "You can sign into Gmail from a locked screen. Then all Cortana has to do is ask 'May I have your permission?' You'll say, 'Of course!' and the attack is carried out."

This flaw, too, was recently fixed by Microsoft so that third-party skills can no longer be invoked from a locked screen.

How to Keep Cortana in Line

By default, Cortana is enabled and listening for commands in Windows 10 even when the lock screen is on. Fortunately, it's easy to disable. Simply enter anything into the search bar at the bottom left of the Windows 10 screen, and the Cortana window will pop up. Then click on the gear icon to get to Cortana settings and turn off "Use Cortana even when my device is locked."

"We have to understand that the lock screen is not magic," Be'ery said. "It's merely another desktop with very limited access. If Microsoft adds more functionality to the lock screen, the attack surface grows and security is reduced."

Cortana Tips and How-Tos