“Alexa and Cortana in Windowsland”: Hacking an Innovative Partnership and Other Adventures
Amichai Shulman, Yuval Ron at Global AppSec Tel Aviv 2019
This is a presentation about the essence of Cyber Security – what happens when you take new and innovative concepts, spice them up with business partnerships and plug them into existing security mechanisms.
In our talk, we will demonstrate a variety of new “Evil Maid” attacks on locked Windows machines. We will show vulnerabilities that stem from the high-profile business partnership between Cortana and Alexa – the voice assistants of Microsoft and Amazon, as well as code execution vulnerabilities in Cortana’s internal integrations.
We will take our audience on an amusing journey of our discovery process and the fascinating battle of Microsoft to patch these vulnerabilities with minimum effort and public exposure. This journey demonstrates the difficulty of tying up together new usage concepts with older security assumptions, the catastrophic outcome of breaking these assumptions, and the importance of implementing the learned lessons in future integrations between AI technologies and IoT devices.
Speakers
Amichai Shulman
Cyber Security Researcher, Entrepreneur and Investor
A cyber security researcher, entrepreneur and investor. Carries 25 years of cyber security experience in military, government and commercial environments. Co founded a notable security company in 2002 and served as CTO for the company over 15 years.
Yuval Ron
Technion - Israel Institute of Technology
The speaker is a Master’s student in the Computer Science Department (Psagot program) at the Technion - Israel Institute of Technology. Yuval was one of the youngest speakers at Black Hat USA 2018, and was acknowledged several times on the MSRC public researchers website.
In our talk, we will demonstrate a variety of new “Evil Maid” attacks on locked Windows machines. We will show vulnerabilities that stem from the high-profile business partnership between Cortana and Alexa – the voice assistants of Microsoft and Amazon, as well as code execution vulnerabilities in Cortana’s internal integrations.
We will take our audience on an amusing journey of our discovery process and the fascinating battle of Microsoft to patch these vulnerabilities with minimum effort and public exposure. This journey demonstrates the difficulty of tying up together new usage concepts with older security assumptions, the catastrophic outcome of breaking these assumptions, and the importance of implementing the learned lessons in future integrations between AI technologies and IoT devices.
Speakers
Amichai Shulman
Cyber Security Researcher, Entrepreneur and Investor
A cyber security researcher, entrepreneur and investor. Carries 25 years of cyber security experience in military, government and commercial environments. Co founded a notable security company in 2002 and served as CTO for the company over 15 years.
Yuval Ron
Technion - Israel Institute of Technology
The speaker is a Master’s student in the Computer Science Department (Psagot program) at the Technion - Israel Institute of Technology. Yuval was one of the youngest speakers at Black Hat USA 2018, and was acknowledged several times on the MSRC public researchers website.