Cortana and Alexa, helpful assistants or security threat?

Technion student says there is a major cyber security risk between the two.

Cortana (photo credit: WIKIMEDIA)
(photo credit: WIKIMEDIA)
Alexa is now a household name. More than 100 million voice assistants have been sold worldwide.
Many people use Alexa to make Amazon purchases through their Amazon account using voice commands. Yuval Ron and Amichai Shulman, however, a Technion graduate student and professor, discovered an unknown security threat in the partnership between the Amazon and Microsoft voice assistants.
Shulman explained that Cortana allows ones account to donate money to arbitrary charities.
“The danger… is that attackers with physical access to someone’s locked PC could ‘donate’ to themselves without the user’s knowledge,” he said.
They also found that when a Cortana user signs into Alexa, attackers can “easily manipulate the browser to navigate to malicious websites,” which means the hacker can also log into any of your social media accounts.
The researchers reported these security vulnerabilities to Microsoft last September and the problem was fixed. When the screen is locked, all Cortana’s skills are disabled except the few that were proven safe.
This is not the first time Technion researchers have found security concerns in voice assistants. In 2018, students found another threat in Cortana. The students were able to use voice interface to take over a locked machine.
Microsoft used this information to fix the threat.