DoublePulsar Exploit Tweaked to Work on IoT Systems

June 30, 2018


The NSA hacking tool DoublePulsar was used to infect hundreds of thousands of Windows computers with malware last year, after it was published online by the Shadow Brokers hacking group. At the time, the tool worked on all Windows versions except the latest Windows 10 version, and it did not work on the Windows IoT operating system.

However, a security researcher going by the name Capt. Meelo has tweaked the tool so that it now works on Windows IoT. All that was needed was a simple edit of the DoublePulsar Metasploit module, according to Bleeping Computer. Capt. Meelo is not the only researcher to tweak the tool; FractureLabs researchers did the same thing last year.

By using the FuzzBunch framework with exploits such as EternalBlue and EternalRomance, malicious actors can gain a foothold in a system and use DoublePulsar as a persistent backdoor.

The tools exploit a vulnerability that Microsoft fixed in the MS17-010 security update, although a number of businesses were slow to apply the update. After the vulnerability was exploited on hundreds of thousands of Windows computers last year, and again in the WannaCry and NotPetya campaigns, companies rushed to apply the patch and secure their systems.

However, because the tool did not work on Windows IoT, businesses might not have applied the security patch to their Windows IoT devices, for example ATMs and point-of-sale (PoS) systems.

Now that the tool has been shown to work on Windows IoT, it is vital that the MS17-010 security update be applied to those systems, to prevent malicious actors from accessing those devices and adding them to a botnet, or from accessing data that is stored on or passes through them.