Microsoft Cortana allows hackers to snoop down your files

Microsoft Windows 10 operating systems(OS) offers a virtual assistant called ‘Cortana’ which helps the OS users integrate with hundreds of Windows apps. But McAfee researchers allege that the hackers are using this AI propelled assistant to snoop down files from locked computers.

Experts warn that the attack can turn serious if hackers decide to break into the network of the Windows 10 computer systems and spread malware on the PC/s.

In general, Cortana is developed to assist Win 10 users to schedule calendar appointments, check weather updates, set reminders and send emails and more.

However, researchers from McAfee labs have found that the voice-based virtual assistant is being used to browse files, install virus and even reset the password of a user-provided it has been activated for use.

The security flaw in Windows 10 was discovered when experts enabled the full desktop interface for Cortana by typing any key while the voice assistant was listening to their query on the lock screen of the computer.

As a result of this activity, the OS was displaying a search ability for the hackers to search for any files and apps on the system which is against the usual computer security protocol. What’s even worst that the security researchers were able to use the flaw to summon the voice-based assistant menu to open and induce malicious files from a USB drive. That’s possible due to the feature of Cortana’s ‘constant indexing’ in the background which enables it to find files for the computer user.

Microsoft made a note of this flaw on Friday last week and issued an update on Monday this week which disables the use of voice assistant Cortana from the lock screen.

The update has been issued on a worldwide note by the Santa Clara based company. But it might take at least a month time to reach the count of 400 million Win 10 active users on the full scale on a global note.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display