Windows RT jailbreak tool posted online
By Stewart Mitchell
Posted on 11 Jan 2013 at 11:00
An all-in-one Windows RT jailbreak tool has been posted online, just days after a flaw was discovered that could allow unsigned applications to run on the OS.
Unlike the x86-based Windows 8, Windows RT is supposed to be protected because it only runs executables with a signature from Microsoft. However, a security researcher found a method that allows unsigned applications to be run.
According to a post last week on the SurfSec blog, spotted by Engadget, the fault lies in the way Windows RT was ported across from the x86 version of the operating system, with an existing fault transferred to Windows RT.
The decision to ban traditional desktop applications was not a technical one, but a bad marketing decision
“Microsoft's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality,” the blog said. “It’s a clean port, and a good one. But deep in the kernel, in a hashed and signed data section protected by UEFI’s Secure Boot, lies a byte that represents the minimum signing level.”
The exploit manipulates the minimum signing level within RT, so that it accepts apps and executables that have not been passed by Microsoft.
The minimum level is supposed to be 8, which means the code has a Windows signature. With the crack applied, machines would run code with either no certificate at all or with a lower-level Authenticode signature.
Windows RT jailbreak
Just days after the exploit was uncovered, a jailbreak was posted on a popular developer forum. Activating the tool requires nothing more than a few installed files, a reboot and a push of one button.
In a Q&A on the forum, the developer answers the question of whether Microsoft will be able to patch the exploit.
"Yes and no. [Microsoft] can patch it through Windows Update, but since we have the ability to reinstall from recovery partitions we can revert any Windows Updates they release."
The tool doesn't persist after a reboot, and the poster insists it's not geared toward piracy.