As voice assistants like Alexa and Google Home gain traction in the smart-home market, they have also been under increased speculation around how they approach privacy. Now, researchers say they have discovered a newly-disclosed flaw in Microsoft’s Cortana assistant for Windows 10 machines that allows them to navigate browsers — without even logging in.

A locked PC with Cortana enabled on the lock screen allows an attacker with physical access to the device to launch two kinds of unauthorized exploits simply by querying her, researchers at McAfee said Tuesday.

“In the first case, the attacker can force Microsoft Edge to navigate to an attacker-controlled URL; in the second, the attacker can use a limited version of Internet Explorer 11 using the saved credentials of the victim,” the researchers said in a post.

In the first scenario, a Cortana privilege escalation leads to forced navigation for Microsoft Edge on a lock screen. Essentially, the flaw does not allow an attacker to unlock the device, but it does allow someone with physical access to ask Cortana to use Edge to navigate to a page of the attacker’s choosing, while the device is still locked.

“It is surprising that links are offered and clickable when the device is locked,” researchers said. “If you start your favorite network sniffer or man-in-the-middle proxy, you will see that the links are visited as soon as the user clicks on them, irrespective of the device’s locked status.”

While pulling up domains from behind a locked PC seems fairly harmless, researchers said that bad actors could exploit this flaw by purchasing a domain (cheaper domains cost just $11.99) associated with the “official website” that Cortana’s domain search brings up. For instance, when asking Cortana what “Miss Aruba” is, the tool brought up a corresponding website (“hxxp://www.missaruba.aw.”) for which the domain was still available.

Once a bad actor buys the domain, he or she could install an exploit kit on the newly acquired real estate (in this example, URL associated with Miss Aruba), and – when that domain is called up via Cortana, infect any locked Windows 10 PC that supports Cortana, without ever logging in.

“From a server-side security perspective, such as with Cortana running on Server 2016, this vulnerability is of very little concern with respect to other issues addressed by this month’s Patch Tuesday,” said Lane Thames, senior security researcher at Tripwire, in an email. “However, from a client-side perspective, organizations should be concerned about this vulnerability for their user base that has Windows 10 running on their laptops, tablets or mobile devices. Exploitation can be easier than we usually consider for vulnerabilities that require physical access. Consider the case where a user is working at a coffee shop, locks the laptop screen, and steps away to make a phone call—this would be a perfect time for a targeted attack to take place.”

The other potential exploit of the vulnerability enables bad actors to surf the web freely with a full-fledged browser, such as Internet Explorer 11. This capability enables users to either post a comment on a public forum from another user’s device while the device is locked, as well as impersonate the user thanks to its cached credentials.

“One potential attack scenario arises if a corporation offers a mechanism to reset Windows credentials via a web server, but does not require users to reenter the old password,” researchers said. “One could simply navigate to the reset link, input a new password, exit the limited navigator and unlock the device with the newly set password, all from a locked computer.”

The new flaw (CVE-2018-8253) was reported to Microsoft and was patched as part of the company’s August Patch Tuesday update. Some of the issues are also partially mitigated by modifying the answer obtained from a Bing search query, according to the research.

Voice Assistant Privacy Concerns

As voice assistants gain traction, so to do worries about privacy that they bring along with them. And this is not Cortana’s first time in the spotlight.

Last week at Black Hat USA, researchers discussed another flaw (patched in June by Microsoft) dubbed “Open Sesame,” which also allowed an adversary to bypass a Windows 10 lock screen using the voice assistant aspect of Cortana; from there, they were able to unleash a number of “dangerous” functions.

Another group of researchers at the conference demonstrated how voice authentication for account access is extremely insecure; they demonstrated how voice synthesis, a technology that creates life-like synthesized voices, can be used to recreate any person’s voice.

Thames said in an email that vulnerabilities like these are growing as voice assistants gain traction: “Unfortunately, we are starting to see an increasing number of vulnerabilities and attacks that impact devices that act as smart assistants,” he said. “Most of these require physical access to the device, but that might be easier than you might consider at first.”