It is possible to bypass the password lock in Windows 10 to hack into the operating system using voice commands to compromise any device and deploy malware.
That is because the digital assistant Cortana available on the Windows 10 lock screen can open the door to a series of vulnerabilities which independent Israeli security researchers Tal Be’ery and Amichai Shulman were able to leverage to deploy malware.
Microsoft is aware of the issue and has a partial fix in place, but is working on other ways to keep Cortana contained.
The two researchers said if physical access to the target system is available, hackers could connect a USB network adapter and then using voice commands they can have the digital assistant access non-HTTPS websites, according to a report on Motherboard.
Using malicious code, the network interface can automatically intercept the traffic to non-secure servers and then point the computer to other hosts serving malware, in the end infecting the machine without even unlocking it.
And this isn’t the only issue Cortana has on Windows 10. Connecting a target system to a Wi-Fi network the researchers controlled was as easy as clicking a few options on the lock screen even if access to the system was protected by a password.
As a result of the vulnerability, attackers could compromise the entire network the target system is connected to. This is possible with ARM spoofing, a more complex method that involves re-routing traffic from a compromised system to other machines in the network.
While the vulnerability can be first exploited only by having physical access to a certain system, an attack could then expand to the entire network by playing the same voice commands through the speakers of the compromised host.
“So, this attack is not only limited to the physical access scenario but also can be used by attackers to expand their access and jump from one computer to another,” Be’ery said. “[It] very much could be like a Hollywood movie where everyone is asleep and no one is in the office and the computers come to life and are shouting at each other.”
Microsoft has already acknowledged the bug and partially addressed it by forcing browsing on a locked machine to be directed to Bing instead of a different page.
Researchers said other commands are still available and attackers could look into alternative ways to bypass the password protection on Windows 10.