Posted By Remote Techs On 22-August-2018
Researchers at McAfee have demonstrated a method that hackers could use to perform an end-run around Cortana and access data, run malicious code, or even change a locked computer’s password. In this case, however, the emphasis is on the word “could.”
The researchers readily admit that this attack is high risk, has never been seen in the wild, and has little possibility of going undetected for a variety of reasons. Even so, the research is disturbing and does point to a valid weakness that bears further investigation.
The setup process alone is daunting. First, the attacker would need to perform a significant amount of advance preparation. This includes going so far as to create a Wikipedia entry that could get past that site’s army of talented editors and fact checkers, and then somehow inserting a link to a poisoned/compromised domain in the entry. That alone would be a challenge.
Once the Wiki page was up, with the poisoned link at the ready, the attacker would need physical access to the device in question.
Then, the user would have to have Cortana enabled from the lock screen.
Assuming that hurdle was also cleared, the attacker could begin asking Cortana questions, which would prompt her to search the web for information about the topic being inquired after.
Cortana is designed in such a way that if web-based resources are needed to answer the query, it will look for a Wiki Page and display the link found there.
If the hacker succeeded in doing all of that, Cortana would access the poisoned web page via a scaled down version of Internet Explorer 11, which would then allow the hackers to send malicious code via the now-established connection.
Is this a real threat? Absolutely. It is within the realm of possibility that a hacker could do everything described above.
Is this even remotely plausible? No. There are simply too many points of failure for this to be considered a genuine threat, as underscored by the fact that nobody has ever seen anything like this in the wild.
Hackers tend to prefer simple, elegant solutions. While it’s not outright impossible to imagine a hacker giving this a go just for fun, it’s hard to see this as an emerging threat, or something to be greatly concerned about.