Cortana can be used to hack Windows 10 PCs

The lock screen isn't so secure after all.

Sponsored Links


Cortana might be super helpful at keeping track of your shopping lists, but it turns out it's not so great at keeping your PC secure. Researchers from McAfee have discovered that by activating Cortana on a locked Windows 10 machine, you can trick it into opening up a contextual menu which can then be used for code execution. This could deploy malicious software, or even reset a Windows account password.

The vulnerability stems from Cortana's ability to listen for commands even while the PC is locked, combined with regular indexing that makes files accessible in the search function that Cortana uses. Even though potential hackers would need physical access to your PC to do any damage, this could feasibly take place in an office or shared environment. Microsoft dealt with the issue in yesterday's "Patch Tuesday" update, but many machines won't have that yet, so McAfee suggests turning off Cortana on the lock screen to prevent any attacks.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget