Security researchers have shown that having Microsoft Cortana enabled on the Windows lock screen could be a security risk. In such a configuration, it could be abused to compromise a system or to impersonate a user using credentials stored in the browser cache.
The Cortana digital assistant is enabled by default on the lock screen and it can answer questions, voiced or typed, even if the user is not authenticated. While in this state, it relies on Edge and a limited version of Internet Explorer 11 to do its job.
Taking over dead or unmaintained domains
The latest findings rely on previous research from McAfee that showed how a malicious actor could abuse Cortana to access data, run malicious code, and even change a locked PC’s password.
Depending on what you ask and how you do it, Cortana can offer a more detailed response, with links from trusted online resources. If there is an official website available for your query, Cortana will show the one listed on Wikipedia.
“We can leverage this information to craft a fake Wikipedia entry, add enough content to get the review to succeed, add an official website link, and see what Cortana presents,” the researchers say.