Cortana and Alexa, helpful assistants or security threat?

Technion student says there is a major cyber security risk between the two.

July 8, 2019 17:59
1 minute read.
Cortana and Alexa, helpful assistants or security threat?

Cortana. (photo credit: WIKIMEDIA)


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


Alexa is now a household name. More than 100 million voice assistants have been sold worldwide.

Many people use Alexa to make Amazon purchases through their Amazon account using voice commands. Yuval Ron and Amichai Shulman, however, a Technion graduate student and professor, discovered an unknown security threat in the partnership between the Amazon and Microsoft voice assistants.

Shulman explained that Cortana allows ones account to donate money to arbitrary charities.

“The danger… is that attackers with physical access to someone’s locked PC could ‘donate’ to themselves without the user’s knowledge,” he said.

They also found that when a Cortana user signs into Alexa, attackers can “easily manipulate the browser to navigate to malicious websites,” which means the hacker can also log into any of your social media accounts.

The researchers reported these security vulnerabilities to Microsoft last September and the problem was fixed. When the screen is locked, all Cortana’s skills are disabled except the few that were proven safe.

This is not the first time Technion researchers have found security concerns in voice assistants. In 2018, students found another threat in Cortana. The students were able to use voice interface to take over a locked machine.

Microsoft used this information to fix the threat.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

Ayelet Shaked hosts a goodbye party as she leaves her position as Justice Minister.
July 22, 2019
Yair Lapid to Shaked: Reject Far Right


Cookie Settings