“Cortana Flaw Allowed Takeover of Locked Windows 10 Device”
Lindsey O'Donnell, Threatpost, August 9, 2018
Thanks to Cortana's “universal access methods” … researchers were able to launch local commands through a locked Windows 10 screen and perform additional risky commands.
The root cause behind “Open Sesame” (CVE-2018-8140) is the fact that the lock screen on Windows 10 devices restricts the keyboard — but allows Cortana invocation through the voice. So once Cortana is invoked, the lock screen no longer restricts it.
Once they exploited the flaw, attackers can view the contents of sensitive files (text and media), browse arbitrary web sites, download and execute arbitrary executables from the Internet, …
“In the past, the OS made sure the UI is not accessible when the computer is locked, and therefore developers did not need to think about it. Now it's the developers' responsibility,” said [Tal Be'ery of the Israel Institute of Technology].
Sure it is. This is another case of Microsoft designing the operating system so that it conforms to Microsoft's interests rather than to the preferences and needs of users and application developers.
“Hackers Can Use Cortana to Open Websites on Windows 10 Even If Your PC Is Locked”
Tristan Greene, The Next Web, March 7, 2018
A pair of independent researchers yesterday uncovered a particularly worrisome security vulnerability in Microsoft's Windows 10. If your PC's OS was installed with default settings this could affect you.
The simple “hack” involves activating Cortana via voice command to open websites on a PC that's been locked.
Well, duh. This was completely obvious from the beginning to any Windows 10 user who glanced at the page describing the settings for Cortana. One of the options is “Use Cortana even when my device is locked.” Microsoft turned this on by default because it wants to listen in on Windows 10 users even when the users try to lock their PCs. The “researchers” “uncovered” this feature by noticing that it was there and trying it out. This scarcely qualifies as a “hack,” or even as a “‘hack.’”
It seems unlikely that Microsoft will regard this routine surveillance feature as “worrisome.” From the user's point of view, it is of course a gigantic security hole. Since the user doesn't own Windows, however, that point of view is essentially irrelevant. The real owner, Microsoft, has already expressed its point of view by creating the feature and making sure that it's on by default. That's the end of the story.