open sesame: picking locks with cortana - black hat briefings · agenda •understanding cortana...
TRANSCRIPT
![Page 1: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/1.jpg)
Open Sesame: Picking Locks with CortanaRon Marcovich, Yuval Ron, Amichai Shulman, Tal Be'ery
1
![Page 2: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/2.jpg)
Amichai Shulman• Independent Security Researcher
• Advisor for multiple cyber security start up companies
• Former CTO and Co-Founder of Imperva
• Blackhat, RSA, Infosec speaker
• @amichaishulman
Tal Be’ery• Co-Founder @ Kzen Networks
• Formerly VP Research @Aorato (Acquired by Microsoft), Imperva, Singtel Innov8 VC
• Blackhat, RSA, SAS speaker
• @talbeerysec
2
Who are we?
![Page 3: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/3.jpg)
Also Featuring…
Yuval RonTwitter: @RonYuvalLinkedIn: ronyuval
Ron Marcovich
Twitter: @RonMarcovichLinkedIn: ronmarcovich
B.Sc. Software Engineering students at the Technion,Israel Institute of Technology. Both will start their M.Sc.In Computer Science this year.
3
![Page 4: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/4.jpg)
Agenda
• Understanding Cortana • What is it, how does it work and key elements
• Attacking Cortana on all fronts • Cortana agent: Open Sesame (CVE-2018-8140)
• Cortana actions: The voice of Esau
• Cortana cloud: Malicious skills
• Protecting against Cortana attacks• Voice Firewalls: NewSpeak
• Summary and Conclusions
4
![Page 5: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/5.jpg)
Understanding Cortana
5
![Page 6: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/6.jpg)
What is Cortana?
• "Your intelligent assistant across your life."
• Translate human intent into computer actions• Retrieve data
• Browse the web
• Launch programs
6
![Page 7: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/7.jpg)
What is Cortana?
• Multi-platform: Mobile, PC, devices
• Multi inputs (“intents”): keyboard, mouse, voice, touch, …
7
![Page 8: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/8.jpg)
Cortana Architecture
8
Cortana Service
Speech to Text
Text to Intent (Action)
Cortana Skill
Internet
3rd party web
service
Cortana Client
Speech
Text
Text
Intent + p
Intent + p
Card data
Speech
TextResolve!
Card
Action Provider (Azure
Bot)
Intent to Card
(Azure Bot)
![Page 9: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/9.jpg)
Cortana Architecture - Example
9
Cortana Service
Speech to Text
Text to Intent (Action)
Action Provider (Azure
Bot)
Internet
3rd party web
service
Cortana Client
Speech
Who is George Washington
Who is George Washington
SearchQuery = “George Washington”
Card data
Speech
Who is George WashingtonResolve!
Action Provider (Azure
Bot)
Intent to Card
(Azure Bot)
SearchQuery = “George Washington”
![Page 10: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/10.jpg)
Cortana Agent
• Very fat Client• Can do a lot of stuff!
• Merely an execution engine
• Exposes a powerful Javascript API
• Works on a locked devices• By Default!
• SpeechRuntime.exe listens for “Hey Cortana”
• SearchUI.exe has the “Cortana Logic”
10
![Page 11: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/11.jpg)
Cortana Cloud Service
• Processing and decision making is done in the cloud
• Two phases• Audio processing – Speech to Text
• wss://websockets.platform.bing.com/ws/cu/v3• Binary + JSON
• Semantic processing – Text to Intent & Intent to Card• https://www.bing.com/speech_render - GET request, HTML response• https://www.bing.com/DialogPolicy - GET / POST request, Javascript response
• Machine Learning• Improve speech recognition• Extend intent resolution capabilities
11
![Page 12: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/12.jpg)
Audio Processing Phase
Client Server
Connection.context(JSON)
Audio stream (BIN)
IntermediateResult (XML)
Audio stream (BIN)
IntermediateResult (XML)
Audio stream (BIN)
Audio.stream.hypothesis
PhraseResult (XML)
12
![Page 13: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/13.jpg)
Semantic Processing Phase
13
![Page 14: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/14.jpg)
Cortana Skills
• Cortana can be extended with cloud based “skills”
• A Skill is an Azure bot registered to the Cortana channel
• Receive all user input after an invocation name
• Interacts with the Cortana client using Cards that include voice, text and LIMITED COMMANDS
14
![Page 15: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/15.jpg)
Cortana Skills
15
![Page 16: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/16.jpg)
• Fat client executes on locked screen
• Many possible actions
• Action choice by cloud logic• Can be changed without any apparent sign on the device
• Might depend on Machine Learning
• Choice of action can be affected by unknown 3rd parties
Summary
16
![Page 17: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/17.jpg)
17
![Page 18: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/18.jpg)
Putting Murphy to Work
• Set up a research project with the Technion
• Undergraduate students exploring different aspects of the system
• Some avenues we explored• Local input to Cortana
• Intents that invoke exploitable actions
• Intents that retrieve malicious content
• Capabilities of 3rd party Cortana skills
18
![Page 19: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/19.jpg)
Attacking Cortana
19
Cortana Service
Speech to Text
Text to Intent (Action)
Cortana Skill
Internet
3rd party web
service
Cortana Client
Speech
Text
Text
Intent + p
Intent + p
Card data
Speech
TextResolve!
Card
Action Provider (Azure
Bot)
Intent to Card
(Azure Bot)
Expressing bad intents
Local commands through lock screen
Malicious skills
Bad content provider
![Page 20: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/20.jpg)
Open Sesame
20
![Page 21: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/21.jpg)
CVE-2018-8140 (Open Sesame)
21
GrabbingInformation
![Page 22: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/22.jpg)
CVE-2018-8140 (Open Sesame)
22
Takingover
![Page 23: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/23.jpg)
Open Sesame: Attack Model
• Impact: • by Abusing The “Open Sesame” vulnerability, “Evil Maid” attackers can gain
full control over a locked machine
• Evil Maid attack model: • Attackers have physical access for a limited time, but the Computer is locked
• Why it’s called Evil Maid?• Think of the laptop you left in your room last night when you went out…
• But also borders control, computers in the office during breaks and night, …
• But isn’t that exactly what Locked Screen suppose to stop?
23
![Page 24: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/24.jpg)
Lock Screen: You Had One Job
• Lock Screen is not magic!
• Lock Screen is merely another “Desktop” ( Winlogon desktop ) with very limited access
• The security stems from the reduced attack surface
• If Microsoft adds more apps on Lock Screen: The attack surface expands → security is reduced
24
![Page 25: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/25.jpg)
Lock Screen Evolution : Then
25
![Page 26: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/26.jpg)
Lock Screen Evolution: Now
26
![Page 27: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/27.jpg)
“Open Sesame” Root Cause
• Lock screen restricts keyboard, but allows Cortana invocation through voice
• Once Cortana is invoked, the Lock Screen no longer restricts it• Cortana is free to accept input from the keyboard too
• The fix: Make Cortana Search UI state aware. Different behavior when the UI is locked
• Shift of responsibility: • In the past, the OS made sure the UI is not accessible when computer is
locked, therefore developers do not need to think about it.
• Now, it’s the developers’ responsibility
27
![Page 28: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/28.jpg)
Disclosure Timeline
16 APR 18: We report CVE-2018-8140 to MS
23 APR 18: McAfee reports
CVE-2018-8140 to MS
12 JUN 18: MS patch
(Very quick + Bug
Bounty!)
26 JUN 18: We report CVE-2018-8369 to MS
28
![Page 29: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/29.jpg)
“Open Sesame” Summary
• Impact: Evil Maid Attackers can gain full control on a locked machine
• The fix is • Tactical: making Cortana Search aware of UI state
• Not Strategical: Cortana still gets keyboard input and launches processes from a locked screen in some other scenarios
• There are more where it came from: CVE-2018-8369
• Design lessons: Adding more capabilities to Lock Screen is very tempting, but dangerous
29
![Page 30: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/30.jpg)
Cruel Intentions: The Voice of Esau
30
![Page 31: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/31.jpg)
Attacking Cortana: Cruel Intentions
31
Cortana Service
Speech to Text
Text to Intent (Action)
Cortana Skill
Internet
3rd party web
service
Cortana Client
Speech
Text
Text
Intent + p
Intent + p
Card data
Speech
TextResolve!
Card
Action Provider (Azure
Bot)
Intent to Card
(Azure Bot)
Expressing bad intents
Local commands through Lock Screen
![Page 32: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/32.jpg)
Voice of Esau Attack
• Evil Maid Attack (First presented in Kaspersky SAS 2018)
• Attackers:1. Achieve Man-in-the-Middle position: Plug into the network interface
2. Use Cortana on locked screen to invoke insecure (Non-HTTPS) browsing
3. Intercept request, respond with malicious payload• Exploit browser vulnerabilities
• Capture domain credentials
32
![Page 33: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/33.jpg)
The VOE Attack - Evil Maid (Local)
I’m in! but the computer is locked!
Hi Cortana!Go to bbc.com
Browse http://www.bbc.com
I’m BBC and here’s my malicious payload!
http://www.bbc.com
33
![Page 34: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/34.jpg)
The VOE Attack Demo
34
![Page 35: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/35.jpg)
VOE Attack – Lateral movement
• Use initial compromise to install agent on compromised machine
• Achieve Man-in-the-Middle position• Some local routing attack: e.g. ARP spoofing
• Invoke Cortana insecure browsing • Play sound file – “GOTO BBC DOT COM”
• RDP (Remote Desktop Protocol) sound file to target• NLA must be disabled for it to work
• Intercept traffic of targeted machines and compromise, as in before.
35
![Page 36: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/36.jpg)
RDP: A Silent Killer
36
![Page 37: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/37.jpg)
Cortana over RDP Demo
37
![Page 38: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/38.jpg)
VOE Disclosure Timeline
16 JUN 17: We report VOE to MS
29 JUN 17: MS Cloud patch (no
CVE)
8 MAR 18: Our talk @ Kaspersky
SAS
25 JUN 18: We report CVE-2018-8271 (and
more) to MS
38
![Page 39: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/39.jpg)
The Voice of Esau
• Impact: Evil Maid or even remote attacker can invoke unsafe browsing on a locked machine. Using additional vulns attacker can gain full control
• The fix is • Tactical: making Cortana cloud aware of UI state and safely Bing instead of
direct browse in certain scenarios• Not Strategical: Cortana may still allow unsafe browsing in some other
scenarios
• There are more where it came from: CVE-2018-8271 (and more)
• Design lessons: Adding more capabilities to Lock Screen is tempting but dangerous
39
![Page 40: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/40.jpg)
Skill of Death
40
![Page 41: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/41.jpg)
Skill of Death
• VOE attack took advantage of existing intent resolution mechanisms
• What about adding our own interpretation mechanism?
• Skills interact with client through cards
• Cards have “limited functionality”
41
![Page 42: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/42.jpg)
Navigate to an attacker controlled server
Open malicious MS Office document
Skill of Death – Limited Functionality
42
![Page 43: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/43.jpg)
Skill of Death
43
![Page 44: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/44.jpg)
Skill of Death
• How can attacker invoke a “malicious” skill?• Invoking a new skill on a machine
requires user consent
• Cortana Skill can be invoked and granted consent from locked screen!
44
![Page 45: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/45.jpg)
Skill of Death
45
![Page 46: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/46.jpg)
Skill of Death
• Timeline• Authorization of skills in locked screen detected March 2018
• Guy Feferman and Afik Friedberg of The Technion, Israel
• Takeover methods detected June 2018• Natanela Brod and Matan Pugach of the Technion, Israel
• Fixed on June 25th 2018• Fixed in the cloud
• No formal announcement of fix
• Skills can no longer be INVOKED (authorized or not) from locked screen
• Adding functionality on locked screen is a slippery slope• Soon you find yourself allowing NON Microsoft code to run over locked screen
46
![Page 47: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/47.jpg)
Protection
47
![Page 48: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/48.jpg)
Preventing Voice Attacks: Speaker Identification
• Respond only to me
• “try” doesn’t sound very reassuring
• “Hey Cortana” can be easily recorded
• Can be subverted, see other talk
48
![Page 49: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/49.jpg)
Preventing Voice Attacks: Compensating Controls Take 1
• Take 1: Put a security Microphone on each room?
• Disadvantages:• Privacy
• Cost
• Audio directionality
• Audio semantics
• Not all attacks are audible
• Detection only
49
![Page 50: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/50.jpg)
Preventing Voice Attacks: Compensating Controls Take 2
• NewSpeak: a Network-based Intercepting proxy
• TLS/SSL certificate must be installed on monitored devices• In many organization already exists for web gateway monitoring, DLP
• Can monitor all Cortana requests and responses• Origin details: IP, computer name, user, UI State, etc.• Request audio and Text to Speech results • Intents and Action cards
• Can block or modify all Cortana requests and responses
• Much better than previous suggestion: Centrally located, does not rely on audio analogic capture, can mitigate not just detect
50
![Page 51: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/51.jpg)
Network monitoring with NewSpeak
51
I’m the NewSpeak Proxy
Hi Cortana!Go to cnn.com
Browse http://www.cnn.com
Browse http://www.foxnews.com
![Page 52: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/52.jpg)
NEWspeak: DEMO
52
![Page 53: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/53.jpg)
Summing up
53
![Page 54: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/54.jpg)
Summary: Attacking Cortana
54
Cortana Service
Speech to Text
Text to Intent (Action)
Cortana Skill
Internet
3rd party web
service
Cortana Client
Speech
Text
Text
Intent + p
Intent + p
Card data
Speech
TextResolve!
Card
Action Provider (Azure
Bot)
Intent to Card
(Azure Bot)
Expressing bad intents
Local commands through Lock Screen
Malicious skills
Bad content provider
![Page 55: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/55.jpg)
Takeaways: Defenders
• For the time being:• Disable Cortana voice in corporate
environments
• Or at least on locked screen
• Reconsider when compensating controls are there
• “voice firewall”: If voice becomes mainstream, considering specialized solutions is a must for corporate adoption
55
https://www.pcgamer.com/how-to-disable-cortana/
![Page 56: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/56.jpg)
Takeaways: Builders & Breakers
• New interfaces are much more than “just an interface”
• When introducing innovative concept into existing environments• Secure Coding is not enough
• We need Secure System Engineering
• We found 3 different CVEs and numerous issues that enables attackers to bypass the lock screen
56
![Page 57: Open Sesame: Picking Locks with Cortana - Black Hat Briefings · Agenda •Understanding Cortana •What is it, how does it work and key elements •Attacking Cortana on all fronts](https://reader035.vdocuments.net/reader035/viewer/2022063018/5fdc0b366006072aec0581b6/html5/thumbnails/57.jpg)
Questions?
57