Posted on June 24, 2017 at 3:41 PM
Earlier this year, the software giant announced a version of Windows billed as its flagship student-focused operating system. This version is meant to ship with its current Surface Laptop. Microsoft regards this operating system as less prone to ransomware, because its configuration is locked down and no app can run outside the protective wall of its app store. Before an app is approved, it has to undergo thorough testing to ensure its integrity. That is among the various mitigations that help secure the operating system against known file-encrypting malware.
Spoiler alert: last week, the spoilers got access to their new Surface Laptop, which is capable of running Windows 10 S. They started it up and created an offline account. Finally, they installed some security patches, just as any ordinary user would. After that, they asked Matthew Hickey, a security researcher and founder of a cyber security firm, whether ransomware could be installed on that system.
It took Matthew Hickey at least 3 hours to get through the security of the operating system. Afterwards, he told the spoilers that he was surprised at how easy the whole thing was. He added that, after seeing the branding and marketing of the new operating system, he had thought they had enabled it. He concluded that he would have wished to face a more advanced process rather than such an easy one.
Windows 10 S has a few obstacles. It does not allow the user to run unnecessary things on it, and it is limited to apps from the store. If a user tries to open a restricted app, Windows raises an off-limits alert. Access to scripting tools and PowerShell is denied, and there is no command prompt. The app, therefore, will never run. This makes Windows 10 S hard to crack.
However, Hickey managed to find a point of attack. He exploited Microsoft Word, a tool used by malware writers. On his own computer he created a malicious, macro-based Word document, built so that opening it would let him perform a reflective DLL injection attack. The restrictions would therefore be bypassed by injecting code into an existing, permitted process. In this case, Word was opened with administrative privileges using Windows' Task Manager. Hickey said that the process could be automated with a larger macro if he had more time.
To get around Word's Protected View and other restrictions, Hickey downloaded the malicious Word document he had built. Windows considered the document to come from a trusted location, which allowed macros to be enabled from a warning bar at the top of the screen. The document therefore forced a user to switch off protected mode in order to view it.
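The chain described above relies on Word allowing macros to be enabled from the warning bar and on trusted locations. The following audit script is an added example, not code from the article or from Microsoft; it assumes an administrator running it on a managed Windows edition where PowerShell is available, with Office 2016 or later (policy hive `16.0`), and the choice of expected values is this example's own baseline.

```powershell
# Added example: audit the current user's Word macro and trusted-location policy.
# Assumption: Office 2016 or later, whose policy values live under the 16.0 hive.
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security'

# Each check: registry path, value name, expected hardened value, and its purpose.
$checks = @(
    @{ Path = $base; Name = 'VBAWarnings'; Want = 4
       Why  = 'Disable all macros without notification (no enable button on the bar)' },
    @{ Path = $base; Name = 'blockcontentexecutionfrominternet'; Want = 1
       Why  = 'Block macros in files that came from the Internet' },
    @{ Path = "$base\Trusted Locations"; Name = 'AllowNetworkLocations'; Want = 0
       Why  = 'Do not allow trusted locations on the network' }
)

function Test-WordMacroPolicy {
    param([hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing key or value means the policy is not configured at all.
        $item   = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $item) { $item.($c.Name) } else { $null }
        [pscustomobject]@{
            Setting  = $c.Name
            Expected = $c.Want
            Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
            Hardened = ($null -ne $actual -and $actual -eq $c.Want)
            Purpose  = $c.Why
        }
    }
}

$results = Test-WordMacroPolicy -Checks $checks
$results | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a compliance job flag the machine.
if ($results.Hardened -contains $false) {
    Write-Warning 'One or more Word macro policy settings are missing or weaker than expected.'
    exit 1
}
```

A value reported as `not set` means the behaviour is left to the user's own Trust Center choices rather than enforced by policy.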
Using Metasploit, he was able to download a payload that let him control the computer remotely with the highest level of access. Hickey said that it would be game over if he wanted to download ransomware, which could then be loaded. As proof of his level of access, he sent the spoilers a screenshot showing the password of the Wi-Fi network the computer was connected to. Hickey said that they could even take DLL-based software and run it with the aim of encrypting all the files in a particular document, hence requesting a key for wallpaper setting. He stopped short of installing the ransomware, saying that he had proven enough and did not want to pose a risk to other devices on the network. He said that the attack could be done in several ways.
Microsoft's security team was not informed of the attack before publication, despite the fact that the techniques used by Hickey were well known to security experts. Microsoft initially ignored the claims. A spokesperson said that Windows 10 S was not susceptible to any attack by ransomware. He ended by saying that the information from ZDNet was true. He concluded that they recognize that new attacks and malware emerge frequently and that they are committed to addressing that by working with responsible researchers.
The process of hacking is not easy, and hackers are not meant to give up after a short while. Finally, Microsoft said that there is no known ransomware that works on the operating system, although they said that with system-level access it was possible to install ransomware.