xBox 360 May Be Juicy Target For Hackers

Deepak

B3D Yoddha
Veteran
http://news.yahoo.com/s/cmp/20051022/tc_cmp/172303225

"Even game consoles are under attack by hackers, a security company noted Friday. But although the current crop poses little risk to the average player, the next generation may if attackers decide to take on the Internet-centric xBox 360, Microsoft's next game machine."

**********

Are we moving into a future wherein virus/trojan etc. may in fact be a security threat to an average console gamer?
 
Deepak said:
http://news.yahoo.com/s/cmp/20051022/tc_cmp/172303225

"Even game consoles are under attack by hackers, a security company noted Friday. But although the current crop poses little risk to the average player, the next generation may if attackers decide to take on the Internet-centric xBox 360, Microsoft's next game machine."

**********

Are we moving into a future wherein virus/trojan etc. may in fact be a security threat to an average console gamer?

I think I may have said this before, but I truly believe MS has accepted the "Hacker Community" in giving the console a detachable HD. Now the "community" can continue with their homebrew software on one drive, and keep their system in compliance with the other. Of course all IMHO.
 
Surely it's somewhat different on a closed system like Xbox Live?

I don't see that there's much opportunity... it's not like you can browse the internet/download random files on your 360.
 
The only reason viruses are so prevalent in the PC world is because people don't update Windows/other software often enough and they have the ability to "allow" malicious code to run on their computer. Most viruses either use a vulnerability that has already been patched or social engineering to spread; I doubt either of these will be a problem on a closed system that, I presume, will forcefully auto-update.

I just don't see it happening, sounds like sensationalism to me. If it did happen it would be disastrous for MS.
 
If, as you say, the consoles are forcibly updated, that means they need to be updated to fix vulnerabilities. And if those vulnerabilities exist to be fixed, they exist to be exploited. What's to stop someone writing malicious code before the update fixes the exploit?

I hope that the consoles are a lot more secure simply by implementing basic security features like not releasing your software with every single TCP port open! As long as they eliminate buffer overrun and limit accessibility of downloadable executables, hazards should be extremely minimal. This is possible on a closed box system that implements a content portal where software can be screened before release.
 
Deepak said:
Are we moving into a future wherein virus/trojan etc. may in fact be a security threat to an average console gamer?

Both the Sony PSP and Nintendo DS have viruses out for them.
 
Though these are of the variety where the user has to install and run them themselves, which isn't a 'real' security risk in the sense that if people didn't run any old homebrew hack they wouldn't put themselves at risk. The real concern for security is when a typical user in their day-to-day activities might get hacked, such as web browsing on the PSP. Though with the .png exploit could that not have happened if a virus was embedded in a .png on a webpage?
 
PCs are more vulnerable because it's a general purpose machine designed for a rich application ecosystem, meaning the easier it is to extend and add to the system, the better. In other words, the same things that enable developers to write cool applications allow virus-writers and hackers to write trojans, viruses, etc. The more you lock down this system to prevent illicit applications from running, the more difficult you make it as an application ecosystem.

It would appear to me that consoles are the exact opposite. They are designed from the beginning to be a locked down environment. The biggest issue would be exploits from bugs (such as buffer attacks or some kind of script injection), but this is easier to contain on a closed system.

.Sis
 
The only reason viruses are so prevalent in the PC world is because people don't update Windows/other software often enough and they have the ability to "allow" malicious code to run on their computer.

That is not true at all. Whilst the software exploit has been found by some shrewd programmer intent on creating mayhem and havoc, the response is not immediate so that no system is ever affected. It is a chicken and egg scenario, and the onus should never be on the end-user to fix the problem. This is just one of the reasons why viruses are so prevalent in the PC world.
 
Shifty Geezer said:
Though with the .png exploit could that not have happened if a virus was embedded in a .png on a webpage?
Not sure what PNG exploit you're talking about; normally PNGs contain as much executable code as a text file, i.e., nothing at all.

It will always be harder to sploit a console/closed system; for starters it's harder to pick apart the software for it (particularly true for x360 for example with its powerful copyright protection system). Second, news about possible vulnerabilities will not be as widespread, and much fewer people will have the tools necessary to build executables for these consoles.
 
There was an exploitable buffer overflow in the png decoding of the browser, and apparently the PSP CPU has no protection against buffer overflow attacks. You'd think Microsoft & Sony would be smart enough to include such protection this time around though.

Preventing viruses/trojans from being able to permanently cripple hardware is easy though, every firmware update has to be signed and checked either by hardware or by firmware running in a secure environment ... and the firmware has to be able to wipe/reset all the other software run on boot.

I would be surprised if Sony & Nintendo did not have UMDs/carts in their customer service departments which on boot will do just that (if they need to mechanically replace the flash chip to repair them then someone made an idiotic design decision).
 
I don't really see viruses being a big problem with the Xbox 360. On the PC there are many uncontrolled media that can be used to deliver viruses such as floppies, email and websites. I seriously don't see how hackers can do that unless they do it from inside MS.

With the PS3, I see that being a possibility since Sony is allowing homebrew Linux development on the PS3. With the PC advantages come its disadvantages as well. There's always a compromise between freedom and security.
 
The exploit was not in the PNG code, the exploit was in the TIFF code. The combination of the PNG and TIFF though was required to get things to work. The TIFF file caused the overflow and moved the instruction pointer to a predefined location that is where the PNG file got decoded (which contained the new code to be executed).
 
Alpha_Spartan said:
I don't really see viruses being a big problem with the Xbox 360. On the PC there are many uncontrolled media that can be used to deliver viruses such as floppies, email and websites. I seriously don't see how hackers can do that unless they do it from inside MS.

With the PS3, I see that being a possibility since Sony is allowing homebrew Linux development on the PS3. With the PC advantages come its disadvantages as well. There's always a compromise between freedom and security.

I agree. With the 360, you can't download from just anywhere, it's got to run through one of MS's servers, so to spread a virus you'll not only have to hack the Xbox, but you'll have to hack MS's corporate security on their Xbox Live system.

The PS3 is wide open to attacks though. Not only is it open for attacks, but there isn't any software out there to prevent or remove a virus from the system.
 
Either bad or good PR it's all worth it... what's next? China orders 1m Xb360's to equip in missiles as guiding systems? ;D
 
Tahir2 said:
That is not true at all. Whilst the software exploit has been found by some shrewd programmer intent on creating mayhem and havoc, the response is not immediate so that no system is ever affected. It is a chicken and egg scenario, and the onus should never be on the end-user to fix the problem. This is just one of the reasons why viruses are so prevalent in the PC world.

The vast majority of Windows vulnerabilities are patched before proof of concept code is released or someone writes a virus exploiting the security hole. Most self-replicating viruses use exploits months out of date, if a self-replicating (fully automated) virus was released into the wild before MS knew about the vulnerability and virus scanners didn't detect it on the fly...

No doubt a system of the Xbox360's/Live's complexity will have a number of applicable exploits for a virus to use, but the chances that a black hat hacker will find one of these first and create a virus that uses it before anyone else finds out about the exploit are quite small.
 