Microsoft's Cortana digital assistant for Windows 10 can help you set a reminder, email your boss or check the weather, but could she also help a malefactor gain access to your data?
With the Windows 10 Anniversary Update, Cortana now appears on a PC's lock screen by default, letting you query the internet or set reminders without logging in. A user-enabled option also allows Cortana to send emails or texts, query your contacts or access your calendar without requiring you to enter your user password. That's definitely convenient, but it could also be extremely risky should your computer fall into the wrong hands.
Cortana isn't the first digital assistant that can perform important tasks without asking for credentials. You can send emails or post to social media with Siri from an iPhone's lock screen, and Amazon's Alexa assistant operates without any authentication. Is it more dangerous to have these capabilities available from the Windows 10 lock screen?
Most security experts we asked were wary of the optional setting, but some seemed less concerned about the default setting.
"Sure, you can easily imagine someone taking someone else's device and doing something as a prank," encryption and security expert Bruce Schneier said of the default setting. "But it's a reminder so what?"
But Stu Sjouwerman, CEO of the security firm KnowBe4, said he felt that any type of function from the lock screen opened the door to hackers.
"The idea is to minimize your attack surface, not to expand it with an AI-like function that may have unknown 0-days," Sjouwerman said, adding that unlock-free access is "an invitation to hackers to see if this has any vulnerability they can exploit."
If you do allow Cortana to control your messages, calendar and contacts from the lock screen, there's no doubt you are taking a risk. A bad actor who walks by your computer in the office, or steals your laptop out of your bag, could view your business contacts, email a damaging message to a client or co-worker, or add a fictitious meeting to your schedule. For those reasons, corporate IT departments will probably disable the feature.
"Allowing people to drive-by email could have a high cost in a corporate setting and is only escalated by a motivated or savvy attacker," said Jason Oliver, chief and CEO of Tikras Technology Solutions Corp.
"I can see a lot of infosec teams having heartburn [about Cortana]," said Steve Santorelli, director of intelligence and outreach at the Illinois-based Team Cymru, a nonprofit security firm.
Santorelli said he wasn’t sure that the lock-screen Cortana feature would last long, noting that it could "go away as a condition of corporate adoption."
Santorelli, a former Microsoft employee and Scotland Yard investigator, said he thinks reliance on voice-command technology should lead people to re-evaluate their relationship with technology.
"If you find typing in a password so onerous that you want to enable literally anyone to be able to interact with your machine if they have physical access," he said, "then perhaps you are not ready for a grown-up machine, and the responsibilities that come with that."
Fortunately, Windows allows users to train Cortana to respond only to specific voices.
Sean Sullivan, a security adviser at F-Secure, the Helsinki-based antivirus maker, told us he "would advise corporate IT managers to disable the Cortana lock-screen feature" altogether.
Cortana wouldn't worm its way into offices at all, if Sullivan had his way.
"Microsoft accounts are required [to use Cortana], and that’s really a personal asset in my view. It’s best to limit their use to personal devices," he said. "It’s also difficult to imagine people speaking aloud to Cortana in many office spaces."
Where would it be appropriate for a full-featured Cortana to be accessible?
Sullivan suggested that he "might consider" it in "a secure home with trusted users," but that the feature could become more secure with some smarter features.
Apple devices require users to enter their passcodes if a device hasn't been used in more than 9 hours. Microsoft, Sullivan said, could add "something similar for Cortana on the lock screen."
Sullivan added that Cortana could "draft [changes, messages and edits] but not to send without some sort of authentication, whether that be Hello (Microsoft's facial-recognition technology), a fingerprint or a password.
Robert David Graham, co-founder of Atlanta consulting firm Errata Security, takes a wider view of Cortana on the lock screen.
"Of course, it's a security vulnerability," Graham said. "But that's the wrong way to look at it. Being able to speak to our computers is such a revolutionary new feature that we are going to adopt it, regardless of the security risks."
Apple iPhones have already provided such convenience to the detriment of security, Graham said. But he thinks Microsofts voice assistant may be smarter than Siri.
"A desktop computer in the home, where Cortana can be trained to more narrowly recognize a person's voice, provides vastly more security than the way our cellphones already work," he said.
Because voice-activated assistance will soon be as prevalent in our gadgets as any other feature, Graham suggests we understand and embrace its risks.
"As a security expert," he said, "let me assure you that we have to figure out how to live with insecurity rather than avoid new technology because of security concerns."