“Alexa and Cortana in Windowsland”: Hacking an Innovative Partnership and Other Adventures
Hacking Windows machines through the Alexa / Cortana combination and other combinations. Taking over locked machines, breaking into accounts and stealing money, all through voice commands.
Presented at BSidesTLV, by Yuval Ron and Amichai Shulman, on June 24, 2019.
Alexa and Cortana in Windowsland - BSidesTLV, June 2019
1. Alexa and Cortana in Windowsland
Hacking Innovative Partnerships and Other Adventures
Presenters: Amichai Shulman and Yuval Ron
2. Amichai Shulman
▪ Independent security researcher
▪ Advisor for several cyber security startups
▪ Former CTO and Co-Founder of Imperva
▪ Black Hat, RSA, InfoSec speaker
▪ @amichaishulman
Yuval Ron
▪ Master’s student at the Technion
▪ Researching voice assistant security for the past 2 years
▪ Speaker at Black Hat, Global AppSec
▪ @YuvalRonSec
ACKNOWLEDGMENTS
Prof. Eli Biham
Computer Science Department, Technion
Founding head of the Technion Hiroshi Fujiwara Cyber Security Research Center
3. AGENDA
▪ Introduction and Context
▪ Previous Results
▪ Cortana and Alexa
▪ Poking Holes in Cortana
▪ Cortana on Android
▪ Playing Ping Pong with Microsoft
▪ Conclusions
Alexa and Cortana in Windowsland – Shulman / Ron
4. INTRODUCTION
▪ Voice assistants everywhere
▪ Cortana / Alexa / Siri / Google Assistant
▪ Translate human intent into computer actions
▪ Retrieve data
▪ Browse the web
▪ Launch programs
▪ Hands-free operation
▪ Operates over locked screen
5. CONTEXT
▪ 2 Years of Research
▪ Security Effects of Cortana over Locked Screen
▪ Including the Cortana-Alexa Integration on Windows 10
▪ 17 Reported Vulnerabilities
▪ 2 CVE?!?!?!
▪ >50,000 USD in Bug Bounty
6. CORTANA ARCHITECTURE
[Architecture diagram. Components: Cortana Client, Cortana Service, Speech to Text, Text to Intent (Action), Intent to Card (Azure Bot), Action Provider (Azure Bot), Cortana Skill, 3rd Party Web Service, Internet. Flow labels: Speech, Text, Intent + p, Resolve!, Card data, Card.]
7. CORTANA ARCHITECTURE - EXAMPLE
[Architecture diagram with an example request. Components: Cortana Client, Cortana Service, Speech to Text, Text to Intent (Action), Intent to Card (Azure Bot), Action Provider (Azure Bot), Cortana Skill, 3rd Party Web Service, Internet. Flow labels: Speech, “Who is George Washington”, Search Query = “George Washington”, Resolve!, Card data, Card.]
8. CORTANA CLOUD SERVICE
▪ Processing and decision making is done in the cloud
▪ Two phases
▪ Audio processing – Speech to Text
▪ wss://websockets.platform.bing.com/ws/cu/v3
▪ Binary + JSON
▪ Semantic processing – Text to Intent & Intent to Card
▪ https://www.bing.com/speech_render - GET request, HTML response
▪ https://www.bing.com/DialogPolicy - GET / POST request, JavaScript response
▪ Machine Learning
▪ Improve speech recognition
▪ Extend intent resolution capabilities
10. CORTANA SKILLS
▪ Cortana can be extended with cloud based “skills”
▪ A Skill is an Azure bot registered to the Cortana channel
▪ Receives all user input after an invocation name
▪ Interacts with the Cortana client using Cards that include voice, text and LIMITED COMMANDS
11. OUR JOURNEY STARTS HERE…
April 2016: Cortana on Windows 10 Lock screen is released
12. TURNED ON BY DEFAULT
13. CORTANA AGENT
Very fat client
▪ Can do a lot of stuff!
▪ Merely an execution engine
▪ Exposes a powerful JavaScript API
Works on locked devices
▪ SpeechRuntime.exe listens for “Hey Cortana”
▪ SearchUI.exe has the “Cortana Logic”
14. PREVIOUS RESULTS
▪ Voice of Esau
▪ https://www.youtube.com/watch?v=7AyW0lCCyGI
▪ https://www.digitaltrends.com/computing/microsoft-fixes-cortana-lock-screen-bug-malware/
▪ Open Sesame (CVE-2018-8140)
▪ https://i.blackhat.com/us-18/Wed-August-8/us-18-Beery-Open-Sesame-Picking-Locks-with-Cortana.pdf
▪ The Skill of Death
▪ Others (by us and McAfee)
▪ https://www.windowslatest.com/2018/08/15/mcafee-discovers-new-windows-10-cortana-vulnerabilities-that-could-manipulate-locked-systems/
15. Hey Cortana, Remind Me to Execute Arbitrary Code
18. Hey Cortana, Remind Me to Execute Arbitrary Code
▪ Reported to MS on June 25th, 2018.
▪ MS fixed it via a server update on August 11th, 2018.
▪ MS removed the ability to add a photo and a contact person when in locked mode
[Screenshots: BEFORE and AFTER]
19. The “Alexa in Windowsland” Vulnerability
Hacking the Cortana-Alexa Partnership on Windows 10
20. CORTANA AND ALEXA TEAM UP
▪ A surprising business partnership between Microsoft and Amazon
▪ “Hey Cortana, open Alexa” on Windows 10
▪ “Alexa, open Cortana” on Amazon Echo devices
▪ Get the best of both worlds!
▪ Cortana users have access to more than 50,000 Alexa skills
▪ Alexa users can now use unique Cortana skills (Office products)
▪ Get the worst of both worlds?
▪ Alexa is not perfect!
▪ For example, Alexa vulnerability found by Checkmarx researchers (April 2018)
21. What could possibly go wrong??
22. WEB BROWSING OVER LOCKED SCREEN
▪ Affects users that are not signed-in to Alexa
▪ Allows attackers to open a customized Internet Explorer browser above the Lock screen
▪ Potential attacks:
▪ Navigate to malicious websites – download and execute a browser exploit
▪ Take over users’ accounts like Facebook, Gmail, Twitter
▪ Using the browser’s cached credentials / session cookies
23. SIGN-IN TO ALEXA DEMO
24. WAIT, THERE’S MORE TO COME…
SHOW ME THE MONEY!
25. Hey Cortana, Tell Alexa to Take My Money
▪ Exploiting the Alexa Donations skill on the lock screen
▪ “Hey Cortana, open Alexa – donate money to…”
▪ Donating up to 5,000$ (!) to an arbitrary charity
26. Hey Cortana, Tell Alexa to Take My Money
▪ Voice purchasing is turned on by default
▪ Voice code is turned off by default
27. Hey Cortana, Tell Alexa to Take My Money
Attackers can turn this into a profitable venture by setting up fake charity accounts with Amazon.
28. “Alexa in Windowsland” - Timeline
[Timeline figure. Dates: August 15, 2018; September 1, 2018; September 24, 2018. Events: Official integration release; We reported the vulnerability to MS; Quick fix via cloud update; Removal of Alexa from the lock screen.]
29. Done with Alexa
Going to Get Spotify
30. CORTANA + SPOTIFY INTEGRATION
Sounds suspicious, right?
35. Hey Cortana, Hack My Android Phone
36. Cortana on Android Lock screen
37. Vulnerability Demo
38. Playing Ping Pong with Microsoft
39. REPORT – FIX – REPORT AGAIN?
▪ Some vulnerabilities REQUIRED a customer patch
▪ These were fixed quite efficiently and in a timely manner
▪ Some OBVIOUSLY required a simple cloud patch
▪ These were fixed extremely fast in a VERY local manner
▪ We repeatedly found similar vulnerabilities in other skills
▪ Some needed a bigger change in the state of mind
▪ Fixes were applied after a long time in a very local manner
▪ Some fixes were quickly worked around
▪ Some fixes were withdrawn in a hasty manner
40. Let’s Reset
After addressing more than ten vulnerabilities:
“The team responded and advised me this is a result of them taking a conservative posture to and disabling virtually all skills above lock and only re-enabling them when we have proven they are safe to show above lock.”
- MSRC, 16th November 2018
45. CREATING SECURE SYSTEMS
▪ Ask the right questions at design time
▪ It is not all about code security
▪ It is actually more about proper interfaces
▪ Solve the root cause
▪ Linking to insecure URLs
▪ Displaying pages from partner sites
▪ Solve in the right place
▪ These capabilities should have been removed from the client side API
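An added example, not code from the talk or from Microsoft: a sketch of "solve in the right place", where the client itself refuses card capabilities while the device is locked and skills are denied above lock until reviewed. The card shape, skill ids and capability names (`speak`, `showText`, `openUrl`, `embedPage`) are hypothetical.

```javascript
// Hypothetical model of a voice-assistant client rendering a skill "card".
// Card shape, capability names and skill ids are assumptions for illustration.

// Capabilities the client API exposes at all while the device is locked.
// Anything absent here cannot be requested by any skill, reviewed or not.
const LOCKED_CAPABILITIES = new Set(["speak", "showText"]);

// Default deny: skills stay disabled above lock until explicitly reviewed.
const SKILLS_REVIEWED_FOR_LOCK = new Set(["weather"]);

function isHttpsUrl(value) {
  try {
    return new URL(value).protocol === "https:";
  } catch {
    return false; // an unparsable URL is treated as unsafe
  }
}

// Returns { allowed: [...], rejected: [{ action, reason }] } for one card.
function filterCard(card, deviceLocked) {
  const result = { allowed: [], rejected: [] };
  for (const action of card.actions) {
    let reason = null;
    if (deviceLocked && !SKILLS_REVIEWED_FOR_LOCK.has(card.skill)) {
      reason = "skill not enabled above lock";
    } else if (deviceLocked && !LOCKED_CAPABILITIES.has(action.type)) {
      reason = "capability unavailable above lock";
    } else if (action.url !== undefined && !isHttpsUrl(action.url)) {
      reason = "insecure or invalid URL";
    }
    if (reason) result.rejected.push({ action: action.type, reason });
    else result.allowed.push(action);
  }
  return result;
}

// Constructed sample cards.
const partnerCard = { skill: "partner-assistant", actions: [
  { type: "speak", text: "Please sign in" },
  { type: "embedPage", url: "https://partner.example/login" } ] };
const weatherCard = { skill: "weather", actions: [
  { type: "speak", text: "Sunny" },
  { type: "openUrl", url: "http://weather.example/today" } ] };

console.log(JSON.stringify(filterCard(partnerCard, true)));
console.log(JSON.stringify(filterCard(weatherCard, true)));
console.log(JSON.stringify(filterCard(weatherCard, false)));
```

The lock-state check lives in one place on the client, so a new or modified skill cannot reintroduce browsing above the lock screen without a change to the two allowlists.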