Windows IoT Core exploitable via ethernet


Chronicle on Monday announced the launch of Backstory, a security telemetry platform that all

Microsoft’s Internet of Things (IoT) version of Windows is vulnerable to an exploit that could give an attacker complete control of the system, according to a presentation given by a security company over the weekend.

At the WOPR Summit in New Jersey, SafeBreach security researcher Dor Azouri demonstrated an exploit that will allow a connected device to run system-level commands on IoT devices running Microsoft’s operating system.

Windows IoT is effectively the successor to Windows Embedded. The lightweight version of Windows 10 is designed with low-level access for developers in mind and also supports ARM CPUs, which are extensively used in IoT devices. According to the Eclipse Foundation’s 2018 IoT Developer Survey, the operating system accounts for 22.9% of IoT solutions development, featuring heavily in IoT gateways.

Read more…