Open Sesame: Picking Locks with Cortana



Thursday, January 24, 2019
11:00AM-12:00PM PST
60 MINUTES, INCLUDING Q&A



Brought to you by:

Rapid7
Open Sesame: Picking Locks with Cortana, by Amichai Shulman
Voice Control Technology, by Deral Heiland

Many new devices try to fit into our lives seamlessly. There's a quest for a "universal access method" for all devices. Voice activation seems to be a natural candidate, and many implementations of it have surfaced recently. A few notable examples are Amazon's Alexa, Google's Assistant and Microsoft's Cortana.

The problem starts when these "universal" access methods, aimed at maximal comfort, meet the very "specific" use case of the enterprise environment, which requires comfort to be balanced with other aspects, such as security. Microsoft Cortana is used on mobile and IoT devices, but also on enterprise computers, as it comes enabled by default with Windows 10 and is ready to respond to users' commands even when the machine is locked.

Allowing interaction with a locked machine is a dangerous architectural decision, and earlier this year, we exposed the Voice of Esau exploit for a Cortana vulnerability. The VoE exploit allowed attackers to take over a locked Windows 10 machine by combining voice commands and network fiddling to deliver a malicious payload to the machine.

This presentation reveals the "Open Sesame" vulnerability, a more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. By exploiting the "Open Sesame" vulnerability, attackers can view the contents of sensitive files, browse arbitrary web sites, and download and execute arbitrary executables from the Internet.

We conclude by suggesting some defense mechanisms and compensating controls to detect and defend against such attacks.

Guest Presenter:

Amichai Shulman

Amichai Shulman is a cyber security researcher, entrepreneur and investor. Amichai carries 25 years of cyber security experience in military, government and commercial environments.

Sponsor Presenter:

Deral Heiland

Deral Heiland is the IoT Research Lead at Rapid7. He has over 20 years of experience in the IT field and has held positions including Senior Network Analyst, Database Manager, Financial Systems Manager and Principal Security Consultant.
