Hey Cortana, I Just Hacked You With My Voice

An Israeli professor’s challenge to his students led to the recent discovery of security flaws in Microsoft’s Cortana voice assistant that allows attackers to take over a locked Windows machine and execute arbitrary code. (Microsoft has since patched the vulnerability.)

The finding, detailed during a presentation at the Black Hat cyber security conference in Las Vegas on Wednesday, spotlighted the potential vulnerabilities associated with the use of voice-assisted devices.

Voice-controlled digital assistants such as Amazon’s Alexa, Google’s Assistant and Microsoft’s Cortana are being incorporated across a range of digital devices in growing number. Nearly half of U.S. adults (46%) now say that they use these applications to interact with smartphones and other devices, according to a Pew Research Center survey. The advent of these products has touched a responsive chord. Consider some of the reasons people offered to Pew Research why they use assistants:

• 55%: To interact with devices without using their hands
• 23% They find them to be fun
• 22% Speaking to a digital assistant feels more natural than typing

All that may be true but the BlackHat presentation also underscored the potential security risk in using these devices in an enterprise setting.

For instance, Microsoft Cortana, which is enabled by default in Windows 10, doesn’t only come installed on many mobile and IoT devices. Windows 10 also comes bundled on most computers and laptops bought by businesses.  

However, the researchers discovered that these digital assistants remain ready to respond to users’ commands even when the machine may be locked and a Cortana vulnerability would let attackers take control of a locked Windows 10 machine through a combination of voice commands and network trial-and-error to deliver a malicious payload to the victim machine.

At BlackHat, the researchers demonstrated how the “Open Sesame” vulnerability, as they call it, allowed attackers to view the contents of sensitive files, browse arbitrary web sites, download and execute arbitrary executables from the Internet, and under some circumstances gain elevated privileges.  

What’s more, they showed how attackers wouldn’t need to deploy any external code or shady system calls to exploit the vulnerability. The upshot was to render antivirus and antimalware products blind to the attack.  

The issues with Cortana were first uncovered as part of a Technion undergraduate course called Information Security Project, taught by Amichai Shulman. He said that it took his students just three months to come up with a list of vulnerabilities.

Microsoft was subsequently notified and has patched the flaws. Microsoft also rewarded the students through their Bounty Program, which offers payments to individuals who alert the company to possible security issues in its products.

“Adding functionality on a locked screen is a very slippery slope,” said Shulman. 

Shulman described Microsoft's assistant as "an intent resolution engine" that will translate natural language inputs into an action carried out by the computer. After an attacker invokes the system with "Hey Cortana," that frees them to use the keyboard to execute code on a locked device.

“We have to understand that Lock Screen is not magic,” he said. “It is merely another desktop…and if we allow more and more functionality on lock screen, the attack surface increases.”

At another point in the demonstration, the researchers were able to deploy voice commands to get Cortana to browse to non-secure websites. In that kind of scenario, an intruder could then launch an attack because the page lacks encryption.

In a similar vein, Shulman’s colleague, security researcher, Tal Be'ery, left the audience with this bone to chew on.

“Every component worked the way as intended,” he said. “But no one was looking at the big picture - that the computer would remain safe.”