Just a few weeks after Microsoft announced that a 19-year-old critical security hole existed in almost every version of its Windows operating system, XDA-developers have discovered a new vulnerability in Microsoft's youngest OS, Windows 8.1, that could easily be exploited by hackers to hack a Nokia Lumia phone.
An XDA Developers hacker who goes by the name DJAmol has found a wide-open hole in the Windows Phone 8.1 OS that makes the operating system very easy to hack. The vulnerability allows attackers to run their application with another user's privileges and edit the registry.
DJAmol realized that if the contents of a trusted OEM app that has been transferred over to the SD card are simply replaced, the replacement inherits the privileges of the original app. Once done, an attacker could then delete the existing directory and create a new directory with the same name as the original app.
As a result, the third-party registry editor app will gain full access to the Info and Settings in the app itself. This is how the hack can be implemented in a few simple steps, as described by XDA-developers in a blog post:
- Develop your own application package and deploy it on the target device.
- Install any application, such as "Glance Background Beta", from the Windows Phone app Store.
- Delete all folders under the targeted directory of the installed app, in this case, Glance Background.
- Now copy the contents of your own deployed package and paste them into the targeted directory. This means replacing the "Program Files" of the installed app with your package files.
- Finally, launch the app, which will run in the OEM (Glance Background Beta) directory using the privileges of the targeted app.
The hack is very simple and easy to implement because all it needs is an application from the Windows app store. But thankfully, the hack has not yet escalated to a full interop unlock, as the applications which are allowed to be moved to the SD card have limited access.
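The weakness described above comes down to privileges following the install directory rather than what is inside it. As an added example (not code from XDA-developers or Microsoft), this Python code shows the defensive counterpart: record file hashes at install time and refuse the app's privileges once the directory contents no longer match. The directory name, file names and function names are hypothetical, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(app_dir):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(app_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def verify(app_dir, manifest):
    """Return sorted (change, path) pairs; an empty list means untampered."""
    current = snapshot(app_dir)
    changes = [("added", p) for p in current.keys() - manifest.keys()]
    changes += [("removed", p) for p in manifest.keys() - current.keys()]
    changes += [("modified", p) for p in current.keys() & manifest.keys()
                if current[p] != manifest[p]]
    return sorted(changes)


def may_launch_with_app_privileges(app_dir, manifest):
    """Grant the app's privileges only if the content still matches."""
    return not verify(app_dir, manifest)


def demo():
    """Constructed sample: a fake install directory whose files are swapped."""
    with tempfile.TemporaryDirectory() as base:
        app_dir = Path(base) / "OemApp"  # hypothetical directory name
        app_dir.mkdir()
        (app_dir / "App.exe").write_bytes(b"oem code")
        (app_dir / "Manifest.xml").write_bytes(b"<oem/>")
        manifest = snapshot(app_dir)  # recorded by the installer (assumption)
        before = may_launch_with_app_privileges(app_dir, manifest)
        # Same directory name, different contents: the swap described above.
        (app_dir / "Manifest.xml").unlink()
        (app_dir / "App.exe").write_bytes(b"other code")
        (app_dir / "Extra.dll").write_bytes(b"x")
        after = may_launch_with_app_privileges(app_dir, manifest)
        return before, after, verify(app_dir, manifest)


if __name__ == "__main__":
    print(demo())
```

For the check to hold, the manifest has to live somewhere the replaced package cannot write to, which removable SD card storage does not provide on its own.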
The XDA developers forum reported the vulnerability to Microsoft and also warned them that it could give higher privileges to attackers if tried using a first-party application rather than a third-party app. For the time being, we can just wait for a response from Microsoft to prevent it from getting more serious.