A leading name in technology puts out an operating system that draws a lot of attention. It soon discovers, however, that people are jailbreaking its OS. The revelation brings scrutiny by its security team, and paves the way for users to load unsigned apps acquired apart from the officially sanctioned application store.
Sound familiar? It should — the iOS jailbreak community knows this story inside and out. But the company in the spotlight this time isn't Apple; it's Microsoft. And unlike Cupertino, it actually applauded the security researcher, "clrokr," when word about his hack popped up this weekend.
The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.
We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We'll not guarantee these approaches will be there in future releases.
So Microsoft doesn't believe this poses any real security threat, and judging by the limitations, it probably doesn't. Sure, users can run unsigned ARM desktop apps, but the modifications aren't permanent on devices with Secure Boot. That means they have to be changed again whenever the PC starts up. And likely no one but the hard-core geek crowd will be able to execute the hack and be willing to persist with the constant upkeep.
Even so, it could only be a matter of time before someone makes a more user-friendly program with more permanent results. And if that happens, not only could it birth a genuine homebrew scene for Windows RT ARM-desktop applications, but Microsoft may even allow it to go on. After all, the last line in the company's statement doesn't promise to close the exploit or commit to persecuting (or prosecuting) any hackers.
Past history bears this out. The company practically celebrated Kinect hackers. As long as security isn't threatened, it's more than possible it could take the same approach for Windows RT jailbreakers — which makes the prospect of a Surface tablet way more interesting.