By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Embedded and IoT cable-connected devices running Microsoft's Windows 10 IoT Core are exposed to remote command execution attacks with SYSTEM privileges that require no authentication, with the help of an open source RAT tool released on GitHub. Windows 10 IoT Core-powered devices run a version of Windows 10 optimized for smaller ARM and x86/x64 devices, compatible with universal apps and drivers but with no support for shells or Microsoft apps. The SirepRAT tool developed by SafeBreach's Dor Azouri is designed to exploit the Sirep test service built-in "on any cable-connected device running Windows IoT Core with an official Microsoft image." The good news is that the SirepRAT Windows 10 IoT Core exploitation tool released by the researcher on GitHub will only work via an Ethernet connection because the less-known interface it exposes is "used by HLK for driver/HW tests" over wired connections. "The research was performed on a Windows IoT Core installed on a Raspberry Pi 3, but is probably not limited to this board as it abuses a Windows service and protocol, which should be platform independent," also says Azouri. "This service is the client part of the HLK setup one may build in order to perform driver/hardware tests on the IoT device. It serves the Sirep/WPCon/TShell protocol," according to Azouri. "We broke down the Sirep/WPCon protocol and demonstrated how this protocol exposes a remote command interface for attackers, that include RAT abilities such as get/put arbitrary files on arbitrary locations and obtain system information." The devices which can be exploited with the help of SirepRAT can be found in a multitude of environments, from commercial handheld products and DIY projects to enterprise environments. Learn more by visiting OUR FORUM.