Windows 10 can be hijacked when locked with Cortana’s help

Costea Lestoc By: Costea Lestoc
2 minute read

Home » News » Windows 10 can be hijacked when locked with Cortana’s help

Your all-time Windows MVP, Cortana can become your enemy due to a Windows 10 bug that allows cyber criminals to attack a computer really easy even when the device is locked. Attackers can make the assistant execute the commands they need and hijack your system.

McAfee published a detailed analysis of the vulnerability

McAfee issued a detailed report of this vulnerability to explain how it works. It seems that the “Hey, Cortana!” voice command which is enabled by default in Windows 10 can be used even from the lock screen when your computer is locked. This allows hackers to see file data, content and even to execute arbitrary code.

The research explains that it’s possible for hackers to type and launch a Windows contextual menu when Cortana starts to listen to a query on a locked device. This seems to be the first step towards a successful hack.

Potential solutions

Microsoft already patched this flaw but on systems that haven’t got the updates yet (this month’s Patch Tuesday) it’s recommended to simply turn Cortana off.

McAfee details more potential solutions to get rid of the vulnerability but claims that one of these viable solutions in the simplest and basically recommends users to go with it. Here it is as it’s noted on McAfee’s official post:

  • Trigger Cortana via “Tap and Say” or “Hey Cortana”
  • Ask a question (this is more reliable) such as “What time is it?”
  • Press the space bar, and the context menu appears
  • Press esc, and the menu disappears
  • Press the space bar again, and the contextual menu appears, but this time the search query is empty
  • Start typing (you cannot use backspace). If you make a mistake, press esc and start again.
  • When done (carefully) typing your command, click on the entry in the Command category. (This category will appear only after the input is recognized as a command.)
  • You can always right click and select “Run as Administrator” (but remember the user would have to log in to clear the UAC)

To get rid of the flaw you can follow McAfee’s recommendations or turn off Cortana if you haven’t received Microsoft’s patch by now. You can read McAfee’s entire post to find out the complete details on this vulnerability here.

RELATED STORIES TO CHECK OUT:

Discussions

Next up

How to block access to programs in Windows 10

Matthew Adams By: Matthew Adams
4 minute read

Network administrators might need to block user access to certain Windows 10 programs. There are a few ways that network administrators, and anybody else, can […]

Continue Reading

Top 4 auto SMS sender software for PC to use in 2019

Madhuparna Sukul avatar. By: Madhuparna Sukul
Less than a 1 minute read

In the world of smartphones and busy people, a large chunk of the population relies heavily on sending SMS. Whether it’s a personal message or a […]

Continue Reading

How to fix Windows 10 update error 0xca00a000 in 7 easy steps

Matthew Adams By: Matthew Adams
5 minute read

Error 0xca00a000 is a Windows Update error that arises for some users. The full error message states: 2018-07 Cumulative Update for Windows 10 Version 1803 for […]

Continue Reading