Cortana, like all digital assistants, is supposed to make life easier by organising your data and presenting you with helpful information when you need it. Unfortunately, that inclination to be useful can also pose a security risk, as McAfee found when it discovered a bug in Windows 10 that let hackers use Cortana to gain access to locked computers.
The gist of the hack is related to how Windows 10 is constantly indexing data on your computer, which is part of the process that makes info available to Cortana when you ask it to look something up. However, because the OS is always trying to organise and rearrange your data, that behaviour also made it possible to insert a USB drive into a PC, and then use Cortana to open to those files, which could include scripts that would unlock the device or even potentially malicious executables.
Now, you don’t need to worry too much, because Microsoft has already patched the exploit with a security update that was released on 12 June. Additionally, any hackers trying to mess with your system would need to have direct access to your PC, as the exploit isn’t something that can be done online.
If you’re really concerned, you can also go into Windows 10 and disable Cortana from responding while your PC is locked. Either way, this exploit serves as a good reminder that maintaining physical security is the first, and most important step you can take towards protecting your data, because once your device falls into someone else’s hands, all bets are off. [Verge]