The Hacker News Logo
Subscribe to Newsletter

Running Desktop Apps on Windows RT, The Hackers Way!

A hacker claims to have found a method in the code integrity mechanism in Windows RT, that allow one to bypass security mechanism preventing unauthorized software running on ARM-powered Windows RT tablets. Lets see, How to Run traditional desktop apps on Windows RT in a Hackers  Way!

A hacker called 'C. L. Rokr' explain about the Windows RT exploit on his blog, which requires manipulating a part of Windows RT's system memory that governs whether unsigned apps can run. Windows RT is a special version of Microsoft Windows designed for lightweight PCs and tablets that are based on the ARM architecture, including Microsoft's Surface tablet. 

Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. "Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible,". Specifically, one needs to inject a blob of ARM code into a safe spot of RAM and have the Windows RT kernel divert the processor momentarily to run these instructions. 

This code locates and alters a moderately hidden variable in the kernel to disable the executable signature check. On PCs the variable contains '0' allowing any program to run, whereas it is '8' on Windows RT devices to enforce the signature check. Overwriting this byte can therefore change the level of protection on the system and circumvent Microsoft's cryptographic keys.

Clrokr appeal to Microsoft “The decision to ban traditional desktop applications was not a technical one,” Clrokr writes. “Microsoft, please consider making code signing optional and thereby increasing the value of your Windows RT devices!

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.