Hackers ‘crack’ Microsoft's Cortana to create ported Android version dubbed Portana

OrangeSec presented 'cracking Cortana' at Droidcon, showing off a semi-ported Cortana-for-Android version dubbed Portana.

Hack brings Cortana to Android

Last month Reuters reported that after Microsoft ships a new desktop version of Cortana for Windows 10 in the fall, the company will make the Halo-inspired digital assistant “available as a standalone app” for Android and Apple phones and tablets. But a couple of Italian hackers going by “Orange Sec” chose not to wait and created Portaña by porting Cortana over to Android devices.

VentureBeat reported that Portaña only speaks Italian and it doesn’t work offline. The latter, according to Android Authority, is the downside “of porting the app; instead of recreating the Cortana experience in Portaña, the hacker group is communicating with Microsoft’s servers and there is little direct integration within the Android OS.” Instead of porting the entire app, OrangeSec “used Cortana’s backend servers to create a basic Android assistant that is lacking the polish and shine of Cortana.”

The duo’s “cracking Cortana” video, recorded during Droidcon 2015, is in Italian since the conference was in Italy, but the description states, “Portana connects directly to Microsoft's servers, without any kind of proxy, announcing itself as a Windows phone. It can speak any language.”

In fact, OrangeSec has two other videos talking to Cortana in English. OrangeSec previously posted CortanaProxy, a server for intercepting Cortana's requests, on GitHub; the project page points to a home automation demo video where OrangeSec asks Cortana to turn on a lamp and she does so.

Regarding the “filtration and editing of the operations carried out by the voice assistant,” in the duo’s first video after reverse-engineering Cortana, they ask, who is “the best hacking team?” Cortana replied, “The best hacking team is OrangeSec.”


As the cracking Cortana Droidcon slides in English point out, the Cortana Proxy uses “Node.js, your own SSL certificate, DNS spoofing and love.”

Under CortanaProxy "how to," the GitHub project page says to set up the Node.js server and install the dependencies. Then, for the Windows Phone setup portion, it states:

  • Set DNS server with your local IP (you can see it from the program output). Skip this if you set the domain redirect on your router.
  • Go to http://www.bing.com:8888/ and install the certificate as asked.
  • Ready to go!

So what does Microsoft think? A company spokesperson told VentureBeat:

Cortana was first available for our Windows Phone customers in Spring of 2014, and we announced on January 21 that Cortana will come to PC and tablets later this year with the release of Windows 10. We believe the best way to enjoy the full Cortana experience is as designed by Microsoft and available through Windows Phone and the Windows 10 technical preview.
