DoublePulsar Exploit Modified to Work on IoT Systems

June 30, 2018


The NSA hacking tool DoublePulsar was used to infect hundreds of thousands of Windows computers with malware last year after it was released online by the Shadow Brokers hacking group. At the time, the tool worked on all Windows versions except the latest Windows 10 version, but it did not work on the Windows IoT operating system.

However, a security researcher going by the name Capt. Meelo has modified the tool, which now works on the Windows IoT operating system. All that was needed was a simple edit of the DoublePulsar Metasploit module, according to Bleeping Computer. Capt. Meelo is not the only researcher to modify the tool; FractureLabs researchers did the same thing last year.

By using the FuzzBunch framework together with exploit tools such as EternalRomance and EternalBlue, malicious actors can gain a foothold in a system and use DoublePulsar as a persistent backdoor.

The tools take advantage of a vulnerability that Microsoft fixed in the MS17-010 security update, although many businesses were slow to apply the update. After the vulnerability was exploited on hundreds of thousands of Windows computers last year and abused in the WannaCry and NotPetya campaigns, companies rushed to apply the patch and protect their systems.

However, because the tool did not work on Windows IoT, businesses might not have applied the security patch to their Windows IoT devices, such as ATMs and point-of-sale (PoS) systems.

With the tool now shown to work on Windows IoT, it is important to apply the MS17-010 security update to those systems to prevent malicious actors from accessing the devices and adding them to a botnet, or from accessing data that is stored on or passes through them.