DoublePulsar Exploit Tweaked to Work on IoT Systems

By Richard Anderson

The NSA hacking tool DoublePulsar was used to infect hundreds of thousands of Windows computers with malware last year after it was leaked online by the Shadow Brokers hacking group. At the time, the hacking tool worked on all Windows versions except the latest Windows 10 version, and it did not work on the Windows IoT operating system.

However, a security researcher going by the name Capt. Meelo has tweaked the hacking tool so that it now works on the Windows IoT system. All that was required was a simple edit of the DoublePulsar Metasploit module, according to Bleeping Computer. Capt. Meelo is not the only researcher to tweak the hacking tool, as FractureLabs researchers did the same thing last year.

By using the FuzzBunch framework and exploit tools such as EternalRomance and EternalBlue, malicious actors can gain a foothold in a system and use DoublePulsar as a permanent backdoor.

The tools take advantage of a vulnerability that Microsoft patched in the MS17-010 security update, although many companies were slow to apply the update. After the vulnerability was exploited on hundreds of thousands of Windows computers last year and in the WannaCry and NotPetya campaigns, businesses scrambled to apply the patch and secure their systems.

However, since the hacking tool did not work on Windows IoT, companies may not have applied the security patch to their Windows IoT devices, such as ATMs and point of sale (PoS) systems.

With this hacking tool now shown to work on Windows IoT, it is important to apply the MS17-010 security update to those systems to prevent malicious actors from accessing those devices and adding them to a botnet, or accessing data that is stored on or passes through those devices.


Richard Anderson is the Editor-in-Chief of NetSec.news