Windows RT Hacked To Run Desktop Apps

Microsoft's tablet OS can be fooled into running full-blown Windows 8 and legacy applications, hacker reveals.

Paul McDougall, Editor At Large, InformationWeek

January 8, 2013

3 Min Read

Top 10 Tech Fails Of 2012

Top 10 Tech Fails Of 2012

Top 10 Tech Fails Of 2012 (click image for larger view and for slideshow)

A hacker has developed a "deep in the kernel" workaround that lets users run full-blown Windows applications on tablets and hybrids that use Windows RT -- a trimmed down version of Windows 8 that's only meant to run mobile apps downloaded from Microsoft's Windows Store or those preinstalled by Redmond.

In a blog post, the hacker -- who uses the name clrokr -- disclosed the exploit. "It's taken longer than expected but it has finally happened: Unsigned desktop applications run on Windows RT," clrokr wrote.

Windows RT devices were released on Oct. 26 of last year, alongside Windows 8. The devices all run processors based on the ARM mobile reference design, which until now, rendered them incompatible with regular Windows applications. ASUS, Lenovo and other vendors have all shipped Windows RT tablets, as has Microsoft itself with Surface RT.

[ See our BYTE colleague Larry Seltzer's opinion on this topic: Jailbreak Windows RT -- Why? Beats Me. ]

Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. "Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible," wrote the hacker.

"MSFT's artificial incompatibility does not work because Windows RT is not in any way reduced in functionality. It's a clean port, and a good one," said clrokr.

Windows 8 and Windows RT systems come with a security feature called Secure Boot, which ensures that applications are authorized to run before they are launched. Secure Boot is more permissive on Windows 8, while on Windows RT it's configured so devices that use the OS can only run apps authorized by Microsoft.

clrokr said that a hack (which would be well beyond the capabilities of most users) essentially tricks Windows RT systems into running applications they aren't supposed to launch. "Finding this byte in the kernel takes awhile, there is no exported symbol for it and not even in the symbol database at MSFT," wrote clrokr. "I found it using WinDbg [Windows Debugger] and a machine running Windows 8 Pro."

clrokr admitted that the hack is not for the faint of heart, and that it carries some risks. At times it can trigger a Windows bug check, and the method "is not practical for most users, especially because tablet buyers are less likely to know enough about computers to do this than PC users."

In a statement, Microsoft said it does not consider the hack to be a major security threat because it is beyond the reach of most users, but added that it may take steps to eliminate it in future updates to Windows RT.

Tech spending is looking up, but IT must focus more on customers and less on internal systems. Also in the all-digital Outlook 2013 issue of InformationWeek: Five painless rules for encryption. (Free registration required.)

About the Author(s)

Paul McDougall

Editor At Large, InformationWeek

Paul McDougall is a former editor for InformationWeek.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights