Just weeks after Microsoft announced a security hole in nearly all its operating systems, XDA-developers now unearthed a new vulnerability in Microsoft’s youngest OS Windows 8.1 that could be exploited to hack a Lumia phone in rather simple but fascinating steps.
In yet another swing of misfortunes on Microsoft’s youngest OS Windows 8.1, XDA developers unearthed a security hole that could be easily exploited to hack a windows phone in rather simple but fascinating steps.
After successfully unlocking a “WPSystem” root directory on SD, XDA Developers hacker DJAmol tried his exploits on Windows 8.1 which has been in the market for a while. Using a Lumia phone, the hacker discovered that one could replace the contents of a trusted Second Party App such as OEM application that has moved to the SD card and the new App will inherit the privileges of the original App.
After moving the info and settings of the OEM App to the SD card, one can then delete it directly and create a new directory with the with the same name as the original App. By doing so the third party registry editor app will have the same privileges that the info and setting app has.
This how the hack can be implement in a few steps prescribed by XDA-developers in a blog.
- First develop your own application package and deploy it on the target device.
- Install an application such as “Glance Background Beta” from the Window Phone Store.
- Delete all folders under the targeted directory of the installed app, in this case, Glance background
- Then copy the contents your own deployed package and paste it on the targeted directory. This implies replacing the “Program Files” of the installed app with your package files.
- Finally launch the App which will run in OEM (Glance Background beta) directory using the privileges of the targeted App.
Unfortunately, Microsoft had zero-time to patch the vulnerability which is simple to exploit and implement using an app such as Pocket File Manager. XDA developers also warned that the flaw could give higher privileges if tried using a First Party App.
Microsoft is not new to Zero day vulnerabilities on its operating systems. In October Microsoft issued a security advisory warning of a zero-day vulnerability affecting all its OS expect windows server 2003. The flaw residing in the OS code for handling OLE, gave the hacker full administrative rights on the victim’s computer. The Software giant is yet to release an official statement on the latest vulnerability unearthed by XDA developers.
Top/Featured Image: Hi-Tech@Mail.ru / Wikipedia (http://commons.wikimedia.org/wiki/File:HTC_8X_and_Nokia_Lumia_920.jpg)