'Secure' Windows 10 S Hacked Wide Open in 3 Hours
But our friends at ZDNet hired someone to try to crack it, and he succeeded in just three hours.
Their hacker, Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, exploited Microsoft Word macros to run a DLL injection attack. Because macros aren't run by default on documents downloaded from the web, he used a source Windows 10 S trusts: the local network.
At that point, he was able to run a program to gain system-level privileges (the highest level of access) and also run processes from the system level. He also connected the computer to his own server, meaning that he had remote access to do whatever he pleased.
"From here we can start turning things on and off -- antimalware, firewalls, and override sensitive Windows files," Hickey told ZDNet. "If I wanted to install ransomware, that could be loaded on," he said. "It's game over." The computer would have no way to defend itself. Hickey could've done anything he wanted to on the machine.
Hickey did not install ransomware on the system, but he was able to provide proof of his system-level access, including a plaintext Wi-Fi password.
When ZDNet contacted Microsoft about the exploit, it provided the following statement:
"In early June, we stated that Windows 10 S was not vulnerable to any known ransomware, and based on the information we received from ZDNet that statement holds true. We recognize that new attacks and malware emerge continually, which is why [we] are committed to monitoring the threat landscape and working with responsible researchers to ensure that Windows 10 continues to provide the most secure experience possible for our customers."
Windows 10 S currently ships with Microsoft's flagship notebook, the Surface Laptop, as well as laptops from a series of partners like Lenovo and Acer.
Even if the current ransomware doesn't work, ZDNet and Hickey proved one dangerous point -- it's still possible to install ransomware on Windows 10 S machines, and it's very possible to take over a machine running the operating system.
For more information, screenshots of the attack and full technical details, check out the original story over on ZDNet.