Hackers can use Microsoft’s digital assistant Cortana to take over machines running Windows 10, security experts have discovered.
By using simple voice commands hackers can install malware onto a computer even if the computer is locked.
The hack means that websites can be opened and the malware installed from the computer’s lock screen.
The hack is made possible because Windows 10 allows a device to connect to a different network even it has been locked.
This means that hackers can ask Cortana to open potentially dangerous websites that could infect the computer with malware.
Microsoft has since released a patch that resolved the issue but researchers warn that Cortana can still responds to voice commands even when a device is locked.
The security flaw was discovered by Israeli researchers, Tal Be’ery and Amichai Shulman, who found that a device locked or in sleep mode still responds to voice commands.
Speaking to Motherboard, the researchers explained how someone could connect a USB with a network adapter to a computer and ask Cortana to visit a specific website. The malicious network adapter could then intercept the web sessions to send the device to a malicious website, which in turn could download malware onto the device.
“We still have this bad habit of introducing new interfaces into machines without fully analyzing the security implications of it,” Be’ery said
“Every new machine interface that we introduce creates new types of vehicles to carry an attack vector into your computer.”
The researchers posted a video showing Cortana responding to voice commands on a locked device.
The pair are set to present their findings at the Kaspersky Analyst Security Summit which is currently being held in Mexico.