Yesterday it was discovered that Windows RT has been jailbroken after a security researcher found a method to allow unsigned ARM desktop applications to run on the platform. By modifying a certain area of the system kernel you can change the minimum signing level, granting access to new applications to be installed on ARM machines outside the realms of the Windows Store, including desktop apps which were previously restricted to Microsoft-only code.
Microsoft has now made a statement on the findings, stating that the jailbreak poses no security threat to Windows RT users, as the hack is complex and requires local access including local administrator rights. Also, the exploit is limited in nature as it must be applied each time the PC boots, as Windows' UEFI Secure Boot prevents the minimum signing level from being permanently changed.
Here's the statement straight from Microsoft, via The Next Web:
The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.
We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.
As you might have noticed, Microsoft also praised the ingenuity of clrokr - they guy who discovered the flaw in Windows RT - but said there is a chance that in a future update or version of Windows RT the exploit will no longer be there.
Source: The Next Web
20 Comments - Add comment