The latest Windows Phone 8.1 has been hacked
Pierluigi Paganini
November 18, 2014
Operators of the XDA-developers forum explained how it is possible to hack Windows Phone 8.1 to run any app package in any Program directory.
XDA-developers have discovered a new vulnerability in latest Microsoft OS Windows Phone 8.1 that could easily be exploited by attackers to compromise a Nokia Lumia phone running it.
The XDA Developers member known as DJAmol has discovered a vulnerability in the OS Windows Phone 8.1 that allows hackers to run arbitrary applications with other user’s privileges and edit the registry.
The XDA developers forum has already reported the security issue to the Microsoft, as explained by the operators of the forum the vulnerability could give higher privileges to the attackers if tried using a First Party Application, rather a third party app.
“There is a possibility to run any app package in any Program directory. Can be possible run homebrew app in second party and first party directory. Important thing is that app run’s with the reserved capabilies of the targeted directory. Such as “SECOND PARTY APPLICATION” capabilities and “FIRST PARTY APPLICATION” capabilities.” XDA-developers state in a blog post.
The hackers explained that simply by replacing the contents of a trusted OEM app that has been transferred over to the SD card, the attacker’s app will inherit the privileges of the legitimate one. Once transferred the malicious app, the attacker have to delete the existing directory and create a new one with the same name as the original App.
In this way the third party registry editor app will gain full access to the Info and Settings in the app itself. The XDA-developers provided a detailed description of the hack on Windows Phone 8.1 in their post, below the basis steps to execute.
- Develop your own application package and deploy it on the target device.
- Install an application from the Window Phone app Store, for example “Glance Background Beta”.
- Delete all folders under the targeted directory of the installed app, in this example proposed by the hackers, Glance background [Install, NI, TempInstall, TempNI, XBF etc].
- Copy the contents of your own deployed package in the targeted directory, replacing the “Program Files” of the installed app with your package files.
- Launch the App that will run in OEM (Glance Background beta) directory with the privileges of the targeted App.
The hack on the Windows Phone 8.1 is very easy to implement, but it has not yet escalated to a full interop unlock, as the applications that are allowed to be moved to the SD card have limited access.
“Doees this mean that lumia phones can be-are interop unlocked?” asked the user matgras
“May be or may not be. I’ve not research yet on it. Does this mean that lumia phones can be-are interop unlocked?
Those methods also work on any OEM Device, not specific for the Lumia.”
Stay tuned for more information on the case that are expected from Microsoft.