源之原味

Hackers can use Cortana to open websites on Windows 10 even if your PC is locked

 

本文来自thenextweb.com。源URL是: https://thenextweb.com/artificial-intelligence/2018/03/07/hackers-can-use-cortana-to-open-websites-on-windows-10-even-if-your-pc-is-locked/

以下内容由机器翻译生成。如果您觉得可读性不好, 请阅读原文或 点击这里.

A pair of independent researchers yesterday uncovered a particularly worrisome security vulnerability in Microsoft’s 窗户 10. If your PC’s OS was installed with default settings this could affect you.

The simple “hack” involves activating Cortana via voice command to open websites on a PC that’s been locked.

In the above video, you’ll notice the researcher issues the voice command and then unlocks the PC with their password. The vulnerability doesn’t allow a bad actor to unlock your computer, but with physical access to your system they could direct it to just about any website they wanted.

With access to your PC, specifically just your computer’s microphone, these “hackers” could cause it to visit malicious websites. They could even, potentially, hijack your processor for cryptocurrency mining or install malware.

And, as we’ve reported before, you can fool a voice assistant with noise that humans can’t hear. This kind of attack could, conceivably, happen in a crowded office full of people. The hacker would simply play an audio file from their phone – perhaps pretending to take a call or watch a video – and a nearby system could pick up the hidden message.

The scenario becomes even more concerning if the attacker has enough access/time to plug a USB drive/stick into the target PC. This combination of vulnerabilities could potentially allow a hacker to proliferate an attack against any computers connected to the same network. Yikes!

By default, your system probably has “use Cortana even when my device is locked” enabled. We highly suggest fixing this problem by taking the following steps:

If you’ve got the Cortana search bar on your task bar click it and then click the settings icon. (If you’ve removed the search bar just click the Windows start button and select “Cortana” from the menu, then choose the settings icon).

Next, scroll down to the “Lock Screen” section and turn off “use Cortana even when my device is locked.”

For added security you can disable “Let Cortana respond to “Hey Cortana,” which will require you to click on the microphone icon anytime you wish to use voice control.

We’ve reached out to Microsoft for comment and will update this story as necessary.

想从世界顶尖专家那里听到更多关于 AI 的信息吗?加入我们的机器: 学习者跟踪TNW 会议2018.查看信息并获得您的门票这里.


主板
on Researchers Bypassed Windows Password Locks With Cortana Voice Commands

下一篇:

It’s time to kill the idea of the ‘next Silicon Valley’

Leave A Reply

Your email address will not be published.