To final termination of support for Windows 10 Mobile only two months are left, but so far the system is still supported. Microsoft has announced a security vulnerability that allows unauthorized access to files from the lock screen. However, the patch will probably not come. It is also interesting that a year ago we described a similar method of attack on a Windows 10 PC.
The vulnerability was marked with a code CVE-2019-1314 and described, although Microsoft did not release a patch for it. However, it was found that the vulnerability is not actively exploited and is unlikely to occur. On the other hand, from December 10, Windows 10 Mobile will stop updating and its users will remain helpless if new attack methods are discovered. Let's return to the aforementioned gap, in which we read:
A vulnerability (related to) a workaround for security features exists in Windows 10 Mobile when Cortana allows a user to access files and folders through a lock screen. An attacker who successfully attacks this vulnerability can gain access to the photo library on the seized phone and modify or delete photos without authenticating themselves to the system. To exploit this vulnerability, the attacker must have physical access (to the device) and the phone must allow Cortana to be assisted on the lock screen.
Vulnerability is probably found in all versions of Windows 10 Mobile, but according to Microsoft, the way to use it has not yet been discovered. On the one hand, we could say that it's only a matter of time, but on the other … Hackers have better things to do than looking for a way to enter a photo gallery, requiring physical access to a device with a system that is used by less than 0.06% of owners smartphones. Although this is not excluded, in our opinion, rather unlikely. For now, the only way to avoid this is to turn off Cortana on the lock screen. Open the Cortana application, tap the menu button ("…"), enter Settings and disable the Lock screen option.
Interestingly, in June last year a very similar attack was possible in the context of Windows 10 PCs. "Too helpful" Cortana assistant was then in the crosshair of McAfee, who described how to fire with her PowerShell scripts on the lock screen. In that case, however, Microsoft released a patch. You can read more about this in our last year's text: Do you want to hack a locked device with Windows 10? Ask Cortana!
Hello my name is Karl, I’m from Germany 🙂 you will find here alot of information about cryptocurrencies, especially bitcoin, some information about software for windows, reviews about social media and other usefull stuff ! 🙂 hope you will like that.