On Thursday, the Windows RT Jailbreak tool was released, opening the door further for a Microsoft Surface homebrew community. We asked Microsoft to expand on its previous comments now that a tool was available to automate the process, and on Friday the company responded. “We are actively investigating this and will take appropriate action as necessary,” a Microsoft spokesperson told TNW.
Update: Microsoft has released a more detailed statement, see the bottom of this article.
Earlier this week, reports surfaced that the Windows RT operating system had been jailbroken to allow for the execution of unsigned ARM desktop applications. Microsoft quickly issued a statement saying it does not consider the findings to be part of a security vulnerability, applauded the hacker for his ingenuity, and said it would “not guarantee these approaches will be there in future releases.”
Now that this tool is out, however, and there’s already a a growing list of homebrew apps, Microsoft is taking notice again. Hell, as The Verge pointed out yesterday, Steve Troughton-Smith managed to get an early version of Apple’s OS X server operating system running on his on a Surface tablet.
He captioned the image: “Booted Apple’s Rhapsody in Bochs on jailbroken Microsoft Surface, because Windows 95 is too boring.” The reference is to XDA developer netham45, the same guy who release the aforementioned tool, and how he was the first to put Windows 95 on the system after successfully porting PuTTy, TightVNC, and BOCHS to Windows RT:
The real excitement will surely be around porting games like Minecraft and Quake, browsers like Chrome and Firefox, and so on. Still, getting other operating systems running is fun.
Microsoft has two options here. The first is to ignore what is happening and quietly support the work of enthusiasts who ultimately promote their product, much like it did with Kinect. The other is to shut it all down, only to have someone figure out a fresh workaround.
If Microsoft ends up patching this, the homebrew community will likely stumble, but it won’t fall. Those involved will likely revert any Windows Updates released and continue happily hacking away. Let’s hope they do the “right” thing.
Update on December 12: Microsoft has completed its investigation and released the following statement.
We are aware of a social engineering technique that could use a tool to bypass an app restriction in Windows RT devices. This issue is not a security vulnerability, and we have not seen attempts to take advantage of this social engineering technique. In order for this social engineering technique to be successful, a user would need to be lured to click on a malicious link, and also click through an additional security alert. As always, we encourage all customers to avoid opening suspicious links and emails. We continue to appreciate the work of researchers, and we will take appropriate action to help protect customers.
See also – Why Microsoft loves homebrew and hacking
Image credit: Bartlomiej Stroinski