Wednesday, March 07, 2018
Cortana could allow a major security hole (Israeli research)
A site called Motherboard on Vice reports that Israeli researchers have found a hole in Microsoft’s assistant Cortana whereby an attacker could bypass normal security with voice commands.
Furthermore it is possible to use supersonic commands (what the Chinese call a “dolphin attack”).
Microsoft normally sends voice requests through web pages through Bing.
The idea of doing things only with voice (common in automated telephone customer service) poses some obvious security hazards in business processing online in traditional IT shops, and there were circumstances in my own career where this could have been very dangerous.