Open Sesame: Picking Locks with Cortana

Thursday, January 24, 2019

11:00 AM - 12:00 PM PST

60 minutes, including Q&A

Open Sesame: Picking Locks with Cortana, by Amichai Shulman
Voice Control Technology, by Deral Heiland

Many new devices try to fit into our life seamlessly. There's a quest for a "universal access methods" for all devices. Voice activation seems to be a natural candidate and many implementations for it surfaced recently. A few notable examples are Amazon's Alexa, Google's Assistant and Microsoft's Cortana.

The problem starts when these "Universal" access methods, aimed for maximal comfort, meet the very "specific" use-case of the enterprise environment which requires comfort to be balanced with other aspects, such as security. Microsoft Cortana is used on Mobile and IoT devices, but also in the enterprise computers as it comes enabled by default with Windows 10 and ready to respond to users' commands even when the machine is locked.

Allowing interaction with a locked machine is a dangerous architectural decision, and earlier this year, we exposed the Voice of Esau exploit for a Cortana vulnerability. The VoE exploit allowed attackers to take over a locked Windows 10 machine by combining voice commands and network fiddling to deliver a malicious payload to the machine.

This presentation reveals the "Open Sesame" vulnerability, a more powerful vulnerability in Cortana that allows attackers to take over a locked Windows machine and execute arbitrary code. Exploiting the "Open Sesame" vulnerability attackers can view the contents of sensitive files, browse arbitrary web sites, download and execute arbitrary executables from the Internet.

We conclude by suggesting some defense mechanisms and compensating controls to detect and defend against such attacks.

Brought to you by:


Guest Presenter:

Amichai Shulman

Amichai Shulman is a cyber security researcher, entrepreneur and investor. Amichai carries 25 years of cyber security experience in military, government and commercial environments.

Sponsor Presenter:

Deral Heiland

Deral Heiland is the IoT Research Lead at Rapid7. He has over 20 yrs experience in the IT field, and has held positions including: Senior Network Analyst, Database Manager, Financial Systems Mgr and Principal Security Consultant.

Sustaining Partners