This word pops up from time to time in the tech industry. Not long after it pops up, the claimant regrets making the claim. In 2001, Oracle claimed their database was ‘unbreakable’. That only served to paint a target on it and multiple security researchers have turned up flaws since that claim.
Recently, Microsoft claimed that the new Windows 10 S (their restricted version of Windows 10 targeted at students) would run “no known ransomware”. At least they learned the lesson of Oracle and didn’t call it unbreakable or unhackable. Despite this caution, that is exactly how many people understood the claim. While technically Microsoft was correct, they underestimated the drive of security researchers to poke holes in those claims.
A security researcher did just that. Matthew Hickey of Hacker House was able to compromise the locked down version of Windows 10 and force his way through the layers of protection and gain system-level access. On a Windows system, this is one step above Administrator and all powerful. He stopped short of installing ransomware to prevent any unintended outbreak on the local network, but with system-level access, that would have been a trivial task.
This isn’t the end of the world for Microsoft’s security work on Windows 10 S. It just shows that if you make a claim of un-something-ability, someone will take that as a challenge and prove you wrong. The world of cybersecurity is complex enough that it’s difficult to consider all the variables. Someone with that level of drive will go above and beyond to invalidate such an extreme claim.
Just because he went over-the-top to do this doesn’t mean that this type of attack won’t be weaponized or commoditized and spread through normal malware means. Over time, every sophisticated hack is packaged for everyday consumption.
Don’t let this sway you from supporting these vendors either. Microsoft has made enormous improvements in the security of their operating systems since Windows XP and continues to do so almost daily. The Surface line of hardware paired with Windows 10 and Windows 10 S makes for wonderfully modern and svelte solutions to almost any portable computing need. And no, this Mac user was not paid to say that.
The biggest take-away from this chain of events: don’t believe the hype. Nothing in unhackable. Nothing is perfectly secure. Cybersecurity is about knowing and managing risks, not the unattainable impenetrable network.
Main Reference: http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/
How prepared is your company for a hack or breach?
Contact us today for a free and confidential consultation.
501-590-3278