Windows 10 suffers from a drastic security flaw, independent Israeli security researchers have claimed.
The security experts discovered that voice assistant Cortana – one of the headline features of the Windows 10 operating system – could be manipulated to launch websites and install malware from the lockscreen.
According to the Israeli researchers, cybercriminals can use voice commands from the lockscreen to connect the operating system to a different wireless network.
This means attackers could connect your computer to a Wi-Fi network controlled by them – a clear security threat to your machine.
The two Israeli researchers, Tal Be’ery and Amichai Shulman, said cybercriminals could also ask Cortana to open an unencrypted and potentially dangerous website.
These sites can be used to infect computers with dangerous malware.
Shulman and Be’ery presented their findings during the Kaspersky Analyst Security Summit in Cancun, Mexico.
“We still have this bad habit of introducing new interfaces into machines without fully analysing the security implications of it,” Be’ery told the audience.
“Every new machine interface that we introduce creates new types of vehicles to carry an attack vector into your computer.”
Microsoft has since resolved the issue, but researchers claim Cortana still responds to other voice commands – even when the computer is locked.
Installed with default settings, Windows 10 users can summon Cortana by saying “Hey Cortana”.
By default, the voice assistant will respond to any voice – even when the screen is locked.
However, Windows 10 users are able to train the AI assistant to try and recognise their voice.
Navigate to the Settings app, then click on Cortana > Talk to Cortana > “Hey Cortana”.
In this menu, turn on the option marked, “Hey Cortana, try to respond only to me.”