Microsoft's tablet OS can be fooled into running full-blown Windows 8 and legacy applications, hacker reveals.
Top 10 Tech Fails Of 2012
(click image for larger view and for slideshow)
A hacker has developed a "deep in the kernel" workaround that lets users run full-blown Windows applications on tablets and hybrids that use Windows RT -- a trimmed down version of Windows 8 that's only meant to run mobile apps downloaded from Microsoft's Windows Store or those preinstalled by Redmond.
In a blog post, the hacker -- who uses the name clrokr -- disclosed the exploit. "It's taken longer than expected but it has finally happened: Unsigned desktop applications run on Windows RT," clrokr wrote.
Windows RT devices were released on Oct. 26 of last year, alongside Windows 8. The devices all run processors based on the ARM mobile reference design, which until now, rendered them incompatible with regular Windows applications. ASUS, Lenovo and other vendors have all shipped Windows RT tablets, as has Microsoft itself with Surface RT.
Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. "Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible," wrote the hacker.
"MSFT's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It's a clean port, and a good one," said clrokr.
Windows 8 and Windows RT systems come with a security feature called Secure Boot, which ensures that applications are authorized to run before they are launched. Secure Boot is more permissive on Windows 8, while on Windows RT it's configured so devices that use the OS can only run apps authorized by Microsoft.
clrokr said that a hack (which would be well beyond the capabilities of most users) essentially tricks Windows RT systems into running applications they aren't supposed to launch. "Finding this byte in the kernel takes awhile, there is no exported symbol for it and not even in the symbol database at MSFT," wrote clrokr. "I found it using WinDbg [Windows Debugger] and a machine running Windows 8 Pro."
clrokr admitted that the hack is not for the faint of heart, and that it carries some risks. At times it can trigger a Windows bug check, and the method "is not practical for most users, especially because tablet buyers are less likely to know enough about computers to do this than PC users."
In a statement, Microsoft said it does not consider the hack to be a major security threat because it is beyond the reach of most users, but added that it may take steps to eliminate it in future updates to Windows RT.
Tech spending is looking up, but IT must focus more on customers and less on internal systems. Also in the all-digital Outlook 2013 issue of InformationWeek: Five painless rules for encryption. (Free registration required.)
In this special, sponsored radio episode we’ll look at some terms around converged infrastructures and talk about how they’ve been applied in the past. Then we’ll turn to the present to see what’s changing.