Microsoft’s Windows 10 is known to be a very customizable operating system, and that flexibility also opens up a multitude of ways to exploit it. That said, Microsoft dedicates itself to the continual improvement of its system’s security, rapidly releasing security updates and bug fixes for the critical vulnerabilities that are discovered. Even as Microsoft continues to invest in improving Windows this way, another vulnerability has come forward that allows hackers to carry out arbitrary commands on a system just by using voice commands on the device.
The vulnerability, dubbed “Open Sesame,” lies in Cortana, Microsoft’s voice-based digital assistant. It was discussed at the Black Hat USA 2018 conference in Las Vegas that concluded just a few days ago. It was discovered that the Open Sesame vulnerability allowed hackers to use voice commands to access sensitive data, as well as to instruct the system to download or run files that may connect it to malicious servers. In addition, the voice command alone was enough to grant the privileges needed to carry out these actions, even when the computer is locked.
As Cortana is designed to be a voice-based assistant, it keeps listening even when the system is locked, and a voice command is deemed enough to bypass any keyboard or mouse input otherwise required to unlock the system, since voice alone is sufficient to grant permissions. What’s more, because Windows 10 keeps its applications running in the background while the screen is locked, a voice command can tap into running applications and direct them to behave a certain way.
The vulnerability has been assigned the identifier CVE-2018-8410. It is found to affect the Windows 10 Fall Creators Update v1709, the April 2018 Update v1803, and newer updates as well. Microsoft was informed of this vulnerability in April, when the Israeli researchers who discovered it reported it to the company. Microsoft has only released the following statement on the topic of this critical vulnerability.
“An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. To exploit the vulnerability, an attacker would require physical/console access and the system would need to have Cortana assistance enabled. The security update addresses the vulnerability by ensuring Cortana considers status when it retrieves information from input services.” – Microsoft
There are no mitigation techniques available as of yet, other than keeping your device within your own range so that a nearby attacker cannot issue voice commands to it to exploit the flaw. We’re waiting on an update from Microsoft to resolve this issue.
The following video by Ron Marcovich shows the exploit in action.