A hacker claims to have found a method in the code integrity mechanism in Windows RT, that allow one to bypass security mechanism preventing unauthorized software running on ARM-powered Windows RT tablets. Lets see, How to Run traditional desktop apps on Windows RT in a Hackers Way!

A hacker called 'C. L. Rokr' explain about the Windows RT exploit on his blog, which requires manipulating a part of Windows RT's system memory that governs whether unsigned apps can run. Windows RT is a special version of Microsoft Windows designed for lightweight PCs and tablets that are based on the ARM architecture, including Microsoft's Surface tablet.
The Hacker News

Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. "Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible,". Specifically, one needs to inject a blob of ARM code into a safe spot of RAM and have the Windows RT kernel divert the processor momentarily to run these instructions.

This code locates and alters a moderately hidden variable in the kernel to disable the executable signature check. On PCs the variable contains '0' allowing any program to run, whereas it is '8' on Windows RT devices to enforce the signature check. Overwriting this byte can therefore change the level of protection on the system and circumvent Microsoft's cryptographic keys.

Clrokr appeal to Microsoft "The decision to ban traditional desktop applications was not a technical one," Clrokr writes. "Microsoft, please consider making code signing optional and thereby increasing the value of your Windows RT devices!"

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.