Recently, Microsoft's Cortana voice assistant (Xiao Na) has become the focus of attention, not because she did something interesting, but because of her involvement with hackers. Two security researchers from Israel announced that they had found a way to use Microsoft Cortana to bypass the password lock screen, browse web pages, and download malicious programs on the PC client.
The reason is that Microsoft recently updated the system so that users can now use Cortana while the screen is locked. Microsoft's purpose is to let users complete some special operations with the voice assistant from the lock screen. Apple and Google do the same, so there is nothing special about this in itself, but Cortana has a problem here: she is able to open websites while the screen is locked.
Although ordinary users cannot see these websites after they are opened, the security researchers found a shortcut that uses this function to perform more operations without permission, and even to connect to other computers on the same network.
The two security researchers intercepted the computer's network requests using a USB device with a network adapter and redirected these requests to a website containing malicious programs. In this way, the site would automatically download and install malware on the local computer. After this computer is infected, other computers on the same network can also be infected.
The security researchers then notified Microsoft of the problem. The solution given by Microsoft is as follows: if the user asks to open a web page while the computer is locked, Cortana will not directly open the website requested by the user, but will instead redirect to a Bing search.
However, this approach does not really solve the problem. It just uses the simplest, lowest-cost method to block the technique the security researchers used; it does not mean that no loopholes remain. At present, the two security researchers are looking for new ways to break Cortana.