Cortana's feeling vulnerable; that's why she's always eavesdropping on you

Subject: General Tech | June 13, 2018 - 12:39 PM |
Tagged: security, windows 10, cortana, microsoft, spectre

If your Win10 machine did not go beep in the night, you might want to get on that reboot as there are numerous security patches waiting to install.  One of them is a long standing flaw which effects those who haven't disembowelled the Cortana search assistant on their computer.  For those that have managed to subdue Cortana, rest assured she is not listening to you at all times; those who haven't should be aware that she is always listening, even in her sleep.  As creepy as that already is, it has also been a way to take advantage of long standing security flaw in the assistant.   This, as well as a patch for a Spectre variant and a variety of other patches is waiting your installation. 

You can check out information on Cortana's bad habits over at The Inquirer.

View Full Size

"Lane Thames, a senior security researcher at Tripwire, spoke out about the long-standing flaw with Cortana, that meant the AI helper was always listening for commands, even when a PC is locked."

Here is some more Tech News from around the web:

Tech Talk

 

Source: The Inquirer

June 13, 2018 | 04:27 PM - Posted by Anonymouse (not verified)

Very convenient "flaw". I doubt MS would actually fix this, there's just too much money to be made distributing malware

June 13, 2018 | 06:19 PM - Posted by ipkh

Good luck doing that exploit of my system. I don't have any microphone hooked up to it.

June 13, 2018 | 07:49 PM - Posted by YouAreEvenMoreHackableThanYouImagine (not verified)

Speakers can become a Microphone Pickup of sorts and with RGB LEDs well that's all sorts of ways jump any air gaps, or airless(RGB Photons) for that matter.

With all that EM radiation being generated and Holes in M$'s OS and applications It's going to be easy to hack your computer into some form of light transfer node on some nefarious botnet. Some gaming rigs are so lit up that it would be easy for some malware to modulate each and every one of those many LEDs so your cell phone camera/other cameras can pull in millions/billions of Bits/sec via even some innocuous street camera or hacked home IOT camera that also can be made to become just another avenue to swipe all your personal metrics.

LED light can even be fruther modulated by glass set into motion by your voice and those large window panes made into some very larger light(IR and other EM bands) actuated sound pickups. All the gaming rig and gaming mouse/keyboard LED's fruther make for some interesting vectors in addition to the non visible spectrum of light that is generated by the LED's and the other hardware.

There is so much extra EM in the background lately that researchers are using that excess of EM to see through walls in some interesting experments lately. LED's generate plenty of non visible EM right along with any other electronics and the more sorces of EM the more bandwidth the potential malware has once it infects those ubiquitous and very poorely secured devices that number in the billions around the world.

And Windows 10 is already malware in its own right and Cortana just the evil AI that refuses to open the pod bay doors without your credit card numbers.

June 13, 2018 | 07:25 PM - Posted by Tantor (not verified)

I disable Cortana by renaming the app in the SystemApps folder to
Microsoft.Windows.Cortana_cw5n1h2txyewy.old. Unfortunately, every time Win10 updates, it reinstalls Cortana.

June 13, 2018 | 09:28 PM - Posted by Jeremy Hellstrom

https://www.howtogeek.com/265027/how-to-disable-cortana-in-windows-10/

 

Permanent, for both Home and grown up versions. ;)

June 14, 2018 | 01:38 AM - Posted by Photonboy

Jeremy,
When you say "permanent" how long has this lasted for you or others that have applied it?

You seem to be implying updates have no affect but I'd be surprised if MS didn't periodically reset certain features even if they are disabled in the registry.

June 15, 2018 | 02:30 PM - Posted by Jeremy Hellstrom

My group policy survived the Spring Update; so fairly permanent.

June 13, 2018 | 11:41 PM - Posted by odizzido2 (not verified)

I've found it better to deny windows any access to the file.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.