CATEGORIES
home News

Windows 10 IoT Core Machines Vulnerable To Crippling Remote Hijacking Trojan

by Rob WilliamsSunday, March 03, 2019, 02:30 PM EDT
windows 10 iot core
If you're running a version of Windows IoT Core, you'll want to pay attention to the latest vulnerability discovered by Dor Azouri, a researcher for SafeBreach. The risk of leaving the bug unpatched is great, but fortunately, most of the Windows ecosystem is safe. Even the IoT Enterprise version is safe from this bug; only those using the free IoT Core on their DIY devices (eg: Raspberry Pi) will need to take action.

The issue lays with IoT Core's Sirep Test service, which allows users to perform tests on given hardware. The researcher discovered that this service could be used to reveal a remote command line interface which could be used to exploit the system. Once compromised, an attacker would have full control over the target system.

Windows IoT Core

The researcher went one step further with this information and released a tool on GitHub called SirepRAT, which ultimately seems easy to use as long as you know the IP address of the IoT Core device in question. Simple examples given include running an arbitrary application and uploading/downloading files. 

There are a couple of caveats with this flaw that might save you even if you are running a Windows IoT Core device. For starters, this only impacts those devices running a wired connection. Wireless devices are safe, which likely represents the biggest number of IoT implementations out there. As mentioned before, IoT Enterprise is also unaffected by this bug, which is great for Microsoft and those customers. For IoT Core users, you'll have to wait for Microsoft to chime in about a fix. 

Tags:  Microsoft, Windows, IoT, (nasdaq:msft)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment