Microsoft: Ingenious Windows RT jailbreak poses no security threat

Yesterday it was discovered that Windows RT has been jailbroken after a security researcher found a method to allow unsigned ARM desktop applications to run on the platform. By modifying a certain area of the system kernel, the minimum signing level can be changed, which allows applications from outside the Windows Store to be installed on ARM machines, including desktop apps, which were previously restricted to Microsoft-only code.

Microsoft has now issued a statement on the findings, saying that the jailbreak poses no security threat to Windows RT users, as the hack is complex and requires local access, including local administrator rights. The exploit is also limited in nature: it must be applied each time the PC boots, because Windows' UEFI Secure Boot prevents the minimum signing level from being permanently changed.

Here's the statement straight from Microsoft, via The Next Web:

The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

As you might have noticed, Microsoft also praised the ingenuity of clrokr - the guy who discovered the flaw in Windows RT - but said there is a chance that in a future update or version of Windows RT the exploit will no longer be there.

Source: The Next Web


20 Comments


GP007 said,
I'm not surprised that Windows RT was/will be cracked. I was saying that this will happen right from the start.

get that man a coconut!

"has to be applied after every boot"
so it's a tethered jailbreak. wonder how long it'll take till someone can figure out how to get past the secure boot. i give it a few more months at max

either way, it's quite impressive and i knew it'd come at some point, what surprised me though is that it even allows installing desktop apps

Brando212 said,
no, it simply means that it has to be reapplied manually

the basis is still the same


It does not mean that. Tethering refers to connecting one device to another. Hence a tethered jailbreak is not a jailbreak which has to be applied manually, but rather a jailbreak which requires you to connect the tablet to another device.

you know what i mean. I'm talking basis, not specifics

if you want specific I guess it would be considered partially untethered(?)

well, if someone could emulate windows store,
then it might also duplicate windows store capability:
"To Delete ANY Apps & Data in User's Device WITHOUT the need of any user consents", as stated in windows store Term of use.

ingramator said,
Exactly, there is no advantage in writing some sort of patch, they should just set a toggle that allows us to set it with ease.
I doubt that they'll do that though.

recursive said,
They should, that would guarantee that sales of the Pro tablets will tank as well.
Well I do believe that the sales of the Surface Pro will be quite a bit better mainly due to its ability to run x86 apps.

recursive said,
They should, that would guarantee that sales of the Pro tablets will tank as well.

Why? This exploit doesn't magically make you able to install Win32 software onto an ARM based OS.

he used the remote debugger to modify some values in ram. you know the remote debugger that Microsoft lets you use. plus, can't really do much damage (ex: viruses) with unsigned applications because they run in user mode.

If the hack requires the debugger, then what is the point in it?
You need to be a developer, with the device registered, to run the debugger so you can already run unsigned applications, i.e. the applications you're debugging.
But yeah, not a security vulnerability as if a hacker needs full control of the computer in order to get full control over your computer....

Enron said,
MS should hire him

Why, seems like they were already aware that the Windows Store could be bypassed on kernel level.

Which is impossible to stop. Thing is you will always need physical access with administrative rights to the device.
It would be something if he was able to jailbreak WindowsRT like iOS by just visiting a website.
Or the easiness of rooting a locked android device.

But so far WinRT is outlasting the ipads and android tablets