Windows RT "jailbroken", shows its Windows 8 roots

Filed Under: Featured, Microsoft, Vulnerability, Windows

Open cage image courtesy of ShutterstockHey Windows RT, your roots are showing!

Not that it is all that surprising to most people, but the first person to post about jailbreaking a Microsoft Windows RT device says it is a direct port of Windows 8.

Microsoft has gone to some lengths to disguise this fact: no desktop mode applications (except Office, Explorer and IE10), only runs software from the Windows Store and can't install an alternative OS.

The primary difference aside from CPU architecture is that Windows RT has the "minimum signing level" of executable code set to require Microsoft's digital signature.

This ensures no other desktop applications can be loaded and only software approved by Microsoft can execute.

This is the essence of Microsoft's approach to locking down, or jailing, applications. This is hoped to prevent malware from infecting RT devices as well as ensuring Microsoft a tidy profit on application sales.

A security researcher known as @clrokr used their knowledge and access to Windows 8 systems to determine how they might go about changing the minimum code signing level used to implement Microsoft's restrictions.

Being that Windows RT is a direct Windows 8 port made this attack surprisingly easy. Observing memory addresses in Windows 8 and working with a remote debugger they were able to locate the right byte to modify.

While it involves a level of expertise few users possess, I imagine someone will create a tool to replicate @clrokr's efforts for those with less knowledge of a debugger.

The technique @clrokr used can only modify this setting in memory, so it will not survive a reboot. This is similar to jailbreaks on iOS devices known as a "tethered jailbreak".

Jailbreaking your Windows RT device comes with the same caveats as does hacking your Android or iDevice.

While you gain the freedom to run any code you like, you also become responsible for that code and ensuring it isn't doing something you don't want it to.

If jailbreaking Microsoft tablets becomes a popular way to run pirated applications we may begin to see more malicious apps like have been observed on Android.

Let's hope that the goal of unlocking these tablets remains for research and flexibility purposes and we can avoid that unfortunate outcome.

Open cage image courtesy of Shutterstock.

, , , , , , ,

You might like

2 Responses to Windows RT "jailbroken", shows its Windows 8 roots

  1. IT_Tech · 654 days ago

    'Let's hope that the goal of unlocking these tablets remains for research and flexibility purposes and we can avoid that unfortunate outcome'

    A nice thought but if, and it is a big if, the MS Tablet gains a substantial market share it is highly unlikely!

    • Sum Guy · 653 days ago

      You beat me to it, LOL. Whether it gains a huge share or not you can expect a tool kit for it in the near future.

      I would have pwned one by now, but the 199 price tag that was spread months before its release was to good to be true so I never got one to mess around with.
      There is no way I would pay 499 for a 2003 spec'd computer.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.