This article was published on January 8, 2013

Microsoft determines Windows RT jailbreak poses no security threat, applauds hacker for ingenuity


Microsoft determines Windows RT jailbreak poses no security threat, applauds hacker for ingenuity

On Sunday, reports surfaced that the Windows RT operating system had been jailbroken to allow the execution of unsigned ARM desktop applications, and Microsoft quickly confirmed it was investigating the claims. The company has now issued a statement saying that it does not consider the findings to be part of a security vulnerability, and that the circumvention method may not be available for long.

On the one hand, Microsoft is saying there is no security hole that needs to be plugged. On the other hand, the company is admitting this is an issue that it may want to address in the future.

Here is the full statement:

The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.

We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.

The security researcher being applauded is clrokr, who developed the workaround for allowing desktop applications to run on Microsoft’s ARM-based OS. As we outlined earlier today, however, it’s a rather limited exploit since the setting needs to be changed each time the PC boots up, and it only works for unsigned ARM desktop apps.

This is the main reason Microsoft says it’s not a security threat: the specific value that needs to be changed can’t be permanently altered on devices enabled with Secure Boot. It has to be modified in memory when the OS is already running, and that’s exactly what clrokr figured out how to do, after tracking down the right value in the Windows RT kernel.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

While the hack is limited, it still does open up possibilities for a homebrew scene full of ARM desktop apps for Windows RT and thus the Microsoft Surface. Right now, only technically-savvy users will be able to reproduce clrokr’s method, but assuming Microsoft doesn’t issue a patch (and its statement is open-ended enough that this may happen), most will be able to do it once software that does it for them is available.

See also – Why Microsoft loves homebrew and hacking

Image credit: Pryam Carter

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with