Hey Windows RT, your roots are showing!
Not that it is all that surprising to most people, but the first person to post about jailbreaking a Microsoft Windows RT device says it is a direct port of Windows 8.
Microsoft has gone to some lengths to disguise this fact: Windows RT runs no desktop mode applications (except Office, Explorer and IE10), only runs software from the Windows Store and does not allow an alternative OS to be installed.
The primary difference aside from CPU architecture is that Windows RT has the “minimum signing level” of executable code set to require Microsoft’s digital signature.
This ensures no other desktop applications can be loaded and only software approved by Microsoft can execute.
This is the essence of Microsoft’s approach to locking down, or jailing, applications. The hope is that it will prevent malware from infecting RT devices, as well as ensure Microsoft a tidy profit on application sales.
A security researcher known as @clrokr used their knowledge of, and access to, Windows 8 systems to determine how they might go about changing the minimum code signing level used to implement Microsoft’s restrictions.
The fact that Windows RT is a direct Windows 8 port made this attack surprisingly easy. By observing memory addresses in Windows 8 and working with a remote debugger, they were able to locate the right byte to modify.
While it involves a level of expertise few users possess, I imagine someone will create a tool to replicate @clrokr’s efforts for those with less knowledge of a debugger.
The technique @clrokr used can only modify this setting in memory, so it will not survive a reboot. This is similar to what is known on iOS devices as a “tethered jailbreak”.
Jailbreaking your Windows RT device comes with the same caveats as does hacking your Android or iDevice.
While you gain the freedom to run any code you like, you also become responsible for that code and ensuring it isn’t doing something you don’t want it to.
If jailbreaking Microsoft tablets becomes a popular way to run pirated applications, we may begin to see more malicious apps like those that have been observed on Android.
Let’s hope that the goal of unlocking these tablets remains for research and flexibility purposes and we can avoid that unfortunate outcome.
Open cage image courtesy of Shutterstock.