Vulnerability allows unsigned apps on Windows RT

Thanks a vulnerability Windows RT, the supposedly locked-down Microsoft mobile device operating system, can be modified to run unauthorized desktops apps, according to one hacker.

“It’s taken longer than expected but it has finally happened,” the hacker identified as clrokr wrote in an online post on Sunday. “Unsigned desktop applications run on Windows RT.”
Windows RT, also known as Windows on ARM, is a special OS designed to run on mobile devices such as tablets using the ARM architecture. It lacks certain features in comparison to Windows 8 which runs only on devices with Intel-compatible compressors.
 
However, RT benefits from the power efficiency of the ARM architecture which allows for much thinner hardware design.
Although it launched alongside Windows 8 last October, Windows RT is only distributed as a pre-loaded OS on devices produced by certain manufacturers. Microsoft has an RT version of its new tablet Surface.

RELATED CONTENT

A dual-boot Windows RT-Android device?
Skepticism mounts over Windows RT’s enterprise role
Microsoft demos Windows 8 enterprise features

The lock-down features on RT allows only apps digitally signed by Microsoft and not third-party apps to run on the OS.
However, clrokr claims a vulnerability in the Windows kernel which got ported to ARM makes an exploit possible. Regular Windows 8 tablets also have a locked-down modern UI, but there are ways around this restriction. The traditional desktop side of Windows 8 lets you run any app you like, as with previous versions of Windows. Windows 8 tablets also have a locked-down user interface, but there are ways around the restriction which also works on RT, according to clrokr.

“It (lock down) does not stop pirates from modifying store apps (and their license checks) because store apps are the only thing that can actually run unsigned,” he wrote. “The fact that this method works on Windows 8 as well shows how similar the systems are.”

He did however add that the exploit may remain in the programmer realms as it is too complicated for the average tablet user.

Read full exploit details here

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now