Tuesday, March 06, 2007

XBOX 360 also Vulnerable!

It was only a matter of time until someone discovered an interesting vulnerability in the Xbox 360... Well, the designers of the Xbox 360 went to extreme lengths to try to make it "unhackable" and chose a special hypervisor design in which, unlike previous generations of gaming consoles, games no longer take over the system. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access. As a matter of fact, if you read the actual description you will notice that it is a subtle bug: one instruction in the validation path looks at only 32 bits of a 64-bit register, while a subsequent instruction acts on all 64 bits.

Now for the good news: this has been patched since January 7th 2007. But still ... this could be the beginning, of course. Can an Internet-connected games console be an interesting addition to the available systems for a botnet or a virus? Well, there are many parameters to the game. On the one side you have the low-latency, high-speed lines favoured by gamers, but on the other side you have a totally new operating system which you have to develop for, not to mention the connection time of these systems. What are the chances of a games console being left on a whole day compared to a home PC on a high-speed line?

So is it worth developing a new engine and a virus to go after the Xbox 360s? Probably not yet, because there are still plenty of Windows systems which will do just fine. However, with more and more devices connected to the internet with a browser, like the Nintendo Wii game console, it's just a matter of time in my opinion. When you can browse the internet or have some kind of access to email, the problems will follow automatically. You can take my word for it.

And oh yes ... Microsoft doesn't describe the Xbox update as a security fix. Instead, on its Web site it lists an "operating system update" for download, without stating what the update does.
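
The bug class described above (a check on 32 bits of a 64-bit value, followed by a use of all 64 bits) can be reproduced in a few lines of C. This is an added example, not code from the Xbox 360 or from the original advisory; the handler table, the function names and the sample index are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 4u          /* hypothetical table size */
#define REJECTED  (-1)        /* the check refused the index */
#define MISMATCH  (-2)        /* the check passed, but the value used is out of range */

static int h0(void) { return 100; }
static int h1(void) { return 101; }
static int h2(void) { return 102; }
static int h3(void) { return 103; }
static int (*const table[TABLE_LEN])(void) = { h0, h1, h2, h3 };

/* Flawed check: only the low 32 bits of the 64-bit value are compared. */
static int check_low32(uint64_t idx) { return (uint32_t)idx < TABLE_LEN; }

/* Corrected check: the comparison covers all 64 bits that will be used. */
static int check_full64(uint64_t idx) { return idx < TABLE_LEN; }

/* Use site: acts on all 64 bits, like the subsequent instruction in the post. */
static int dispatch(uint64_t idx, int (*check)(uint64_t))
{
    if (!check(idx))
        return REJECTED;
    /* Demo guard: report the mismatch instead of reading past the table. */
    if (idx >= TABLE_LEN)
        return MISMATCH;
    return table[idx]();
}

int main(void)
{
    uint64_t crafted = 0x0000000100000002ULL;  /* constructed: low half 2, high half 1 */
    printf("low32 check, idx 2:       %d\n", dispatch(2, check_low32));
    printf("low32 check, crafted idx: %d\n", dispatch(crafted, check_low32));
    printf("full64 check, crafted:    %d\n", dispatch(crafted, check_full64));
    return 0;
}
```

The same reasoning applies in review: whenever a validated value is narrower than the value later consumed, the check and the use must be brought to the same width.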