A security researcher has disclosed a new exploit affecting the Windows IoT Core operating system that lets attackers gain complete control over vulnerable devices.
Dor Azouri, a researcher at SafeBreach, discovered the vulnerability and says that it impacts the Sirep/WPCon communications protocol included with the Windows IoT operating system.
The vulnerability only impacts Windows IoT Core, the Windows IoT OS version for devices that run a single application, such as smart devices and control boards.
The flaw does not affect Windows IoT Enterprise, the more advanced version of the Windows IoT operating system, which comes with support for desktop functionality and is the version found deployed in industrial robots, production lines, and other industrial environments.
An attacker can run commands with SYSTEM privileges on Windows IoT Core devices. The exploit works on cable-connected Windows IoT Core devices that run Microsoft’s official stock image.
In his research paper, he describes a method that exploits the Sirep Test Service, which is built in and running on the official images offered on Microsoft’s site. This service is the client part of the HLK setup one may build in order to perform driver/hardware tests on IoT devices. It serves the Sirep/WPCon protocol.
He used the vulnerability in the testing service and found that it was possible to expose a remote command interface that attackers can weaponize to take control over smart devices running Microsoft’s Windows IoT Core OS.
Azouri has built a tool, a remote access trojan (RAT) called SirepRAT, which will be open-sourced on GitHub.
A mitigating factor is that Azouri’s SirepRAT does not work wirelessly, because the testing interface is only available through an Ethernet connection. The attacker therefore has to be physically present near the target, or has to compromise another device on a company’s internal network and use it as a launching point for attacks on vulnerable devices.
The research papers have been submitted to the WOPR Summit security conference in Atlantic City, NJ, USA.
The Windows IoT operating system is a free successor to the Windows Embedded project, and the OS has the second-largest market share in the IoT devices market.