A security researcher discovered a leak in Windows IoT Core that a hacker can use to take control of a device. A direct connection to the device is required.
Windows IoT Core, a Microsoft operating system specifically designed to drive IoT devices, is vulnerable to an attack in which a hacker can take control of such a device. That’s what Dor Azouri, a SafeBreach security guard, found out. He shared his findings with ZDNet. The vulnerability specifically affects the Sirep/WPCon communication protocol. A hacker can use this to open a terminal with System Privileges, which in turn is enough to take control of the device.
Windows IoT Core is the free successor of Windows Embedded. The OS is available via the Microsoft website. The image you can download there, contains the vulnerability as described by Azouri. As a demonstration, the researcher built a trojan that effectively exploited the leak: SirepRAT.
Limited vulnerability
Only Windows IoT Core is vulnerable. According to the researchers, the more advanced brother Windows IoT Enterprise is immune to this specific attack. In addition, the protocol that is being exploited is used for testing purposes. This has the side effect that the vulnerability is only available via an Ethernet connection. The protocol can’t even be exploited wirelessly.
Of course, this does not imply that a hacker has to gain access to a factory or office to hack a device with Windows IoT Core. It suffices to take over a computer in the network that does have Ethernet access to the device in question and use it as a relay. Such an approach further illustrates the importance of network segmentation, where IoT handsets and the corporate network are separate.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.