Technion Students Alert Microsoft To Massive Breach In Voice Assistant Cortana
This article was re-published with permission from NoCamels.com – Israeli Innovation News.
Two Israeli students from the Technion – Israel Institute of Technology discovered a massive vulnerability in the security of Microsoft’s virtual assistant Cortana, which allows users to operate their computer, smartphone, or smartwatch using voice commands. The threat enables even those who are not technologically savvy to breach a computer security and obtain complete access to a locked computer, with the ability to use the voice command system to install malicious software if they choose to do so.
The two third-year computer science students, Yuval Ron and Ron Marcovich, identified the potential threat with the use of voice interface to bypass security features, the university announced in mid-June. This is the first time that voice interface was used to dodge these security features in such a dangerous way, according to a university statement.
The students were able to download an external file, which allowed them to control all of the computer’s operations. The vulnerability allows for an instant security breach without any actual damage, the statement explained.
The students immediately reported their findings to Microsoft, who rewarded them through their Bounty Program, which offers payments of up to $250,000 to individuals who notify them of potential security issues. Microsoft issued a patch to protect against this form of attack in the future. The students will also travel to Las Vegas to present their discovery at the Black Hat USA 2018 cybersecurity conference in August.
To continue reading this article on NoCamels.com, click here.”