What can Cortana do? Well, everything: providing definitions, looking up corporations, movies, artists or athletes, and breaking your password -_- . Yeah, you read that right: Cortana can help break the password of a computer and reset it. It sounds weird, but you can’t imagine the power of Cortana 🙂 .
This was discovered and reported by McAfee Labs researchers. The hack works when Cortana is enabled on the lock screen, and the attacker simply needs to say “Hey Cortana”.
You just need to follow these steps:
- Plant a malicious PowerShell script on the machine using a flash drive.
- Users can start typing after they say “Hey Cortana” and issue a voice command. This brings up a special search popup with various features and capabilities.
- Users can type text in this popup, which searches the laptop’s application index and its filesystem. By typing certain words, like “pas” (as in password), this search can bring up files containing this string in their file paths or inside the file itself. Hovering the mouse over one of these search results can reveal the file’s location on disk, or the content of the file itself (a big issue if the disclosed detail is a password).
- Users can access the right-click menu after using the same trick of starting to type after triggering Cortana. These menus include various sensitive options, such as “Open file location,” “Copy full path,” “Run as Administrator,” or, the more dangerous one, “Run with PowerShell.”
- A backdoor can be opened this way.
- The malicious PowerShell code can be executed easily and your password will be reset.
- The malicious PowerShell script executes despite the computer being locked. The attacker can use PowerShell to reset the password, disable security software, run chained commands, or do anything else they want.
- The following flowchart explains how this trick works.
- A patch for the vulnerability was released recently by Microsoft, but most computers don’t have it yet, so this trick still succeeds.
- This link describes the steps to perform the attack (CVE-2018-8140).
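The whole trick depends on Cortana answering above the lock screen, so the cheapest fix on an unpatched machine is to turn that off by policy and then confirm the update is installed. The script below is an added example written for this post (it is not McAfee’s code or anything from the original report): it reads the “Allow Cortana above lock screen” policy value under HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search, reports the weak state (value missing or non-zero) next to the hardened one (0), sets it to 0 if needed, and checks for the update. The KB id is a placeholder you must replace with the cumulative update for your Windows build; the function names are mine. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post or McAfee): audit and harden the
# Windows policy that lets Cortana respond above the lock screen.
# Policy: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowCortanaAboveLock
#   0              = Cortana disabled on the lock screen (hardened; closes the CVE-2018-8140 path)
#   1 or missing   = default behaviour, Cortana available on the lock screen (weak)
# Requires an elevated prompt because it writes under HKLM.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search'
$ValueName  = 'AllowCortanaAboveLock'

function Get-CortanaLockScreenState {
    # Returns an object describing whether the policy is set and what it allows.
    $value = $null
    if (Test-Path $PolicyPath) {
        $value = (Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    }
    [pscustomobject]@{
        PolicyPresent    = ($null -ne $value)
        Value            = $value
        # Weak unless the policy explicitly denies Cortana above the lock screen.
        CortanaAboveLock = ($null -eq $value -or $value -ne 0)
    }
}

function Disable-CortanaAboveLock {
    # Hardened setting: explicitly deny Cortana above the lock screen.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName -Value 0 -PropertyType DWord -Force | Out-Null
}

$before = Get-CortanaLockScreenState
Write-Host "Before: $ValueName=$($before.Value) (Cortana above lock: $($before.CortanaAboveLock))"

if ($before.CortanaAboveLock) {
    Disable-CortanaAboveLock
    $after = Get-CortanaLockScreenState
    Write-Host "After:  $ValueName=$($after.Value) (Cortana above lock: $($after.CortanaAboveLock))"
}

# Patch check. The fix ships inside a cumulative update whose KB id depends on
# the Windows build, so replace the placeholder with the id for your build.
$KbId = 'KB<placeholder>'   # hypothetical placeholder, not a real KB number
if (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) {
    Write-Host "$KbId is installed."
} else {
    Write-Host "$KbId not found: run Windows Update before relying on the policy alone."
}
```

The policy change takes effect at the next lock, and it only removes the lock-screen entry point; installing the update is what actually fixes the bug, so treat the registry setting as a stopgap for machines that cannot be patched immediately. In a domain the same setting is delivered through Group Policy (Computer Configuration, Windows Components, Search, “Allow Cortana above lock screen”) rather than by editing the registry on each host.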