Security Concerns When Consoles Go Online?

VonGuard writes "I've written an article for Security Focus about the security concerns that having an Xbox or Playstation 2 on your network might raise. The article, entitled Welcome to the Jungle was an interesting experience to write. I really think that Sony will end up having some trouble from their stance on third party security design, while Microsoft might end up smelling like roses. Too bad MS shipped the Nimda virus with their Korean version of .Net Visual Studio."

X-Box already cracked!

[jmd!]

X-box will have better security you say? Right... man, I can't WAIT till consoles are on line... I love laughing at security holes in all the crap I don't use, or know how to use properly.

X-Box was already cracked. It didn't get much press covereage... Eweek did a story, here's the reg's:

http://www.theregister.co.uk/content/3/25568.htm l

More recent discussion of this issue

[The+Optimizer]

can be found at news.com and of course there is that little article I wrote for Game Developer (which has already been covered twice here) at gamasutra.com

-Matt Pritchard

Re:More recent discussion of this issue

[warmcat]

Here is another news.com story about x-box hacking and the new generation of x-box modchips. The author actually interviewed me by email and lifted some choice quotes at the end of the article.

Bad, bad box, bad!

[juliao]

The difference of attitude between MS and Sony is striking: Sony chosses to "open" its system, letting developers implement new things, potentially allowing devices other than Sony consoles to access their network. Microsoft, on the other hand, chooses to "close" their system, specifying their own methods and protocols, and creating a supposedly XBox-only network. What is wrong with this picture?

In fact, this looks very much like the Unix-Windows security arena. Unix has been traditionally open. All the protocols are open, and, especially, the implementations never assume that they know who or what is on the other side. This, in fact, is one of the critical aspects of security. Never trust the remote. Ever. Always assume that things can be spoofed, always assume that all and every piece of data you receive has NOT been validated by the remote. This is the Unix way of doing things. This, in fact, is the right way of doing things.

Alternatively, you can start "trusting" the untrustable. You can build a single platform network and assume that all data sent from the remote is "good data". This is naive, and leads to disaster.

Remember the "ping of death" vulnerability that existed on Windows machines: why did it exist? The simple answer is that it was there because the ICMP stack was badly coded. Right. But that's only half of the story. In fact, it was there because of Microsoft's way of thinking. Microsoft always assumes that things are under full control. The ping of death vuln existed because the Windows version of "ping" did not allow for larger-than-a-given-number packets to be sent. And the Microsoft way of thinking is "if the client can not send it, the server can neglect checking for it". That way of thinking has lead to many of the security flaws in Microsoft products.

The truth is, things are not always under full control. The XBox can be hacked locally, changed into allowing modifications to be performed on the "Microsoft trusted" software components. Other kinds of machines can be connected to the network and made to pretend to be XBoxes, while still allowing full control by the owner on what gets sent and to where.

In short, by choosing to create an "XBox-only network", Microsoft has taken the step that will make its network fundamentally insecure. If you still can't see why, think of it in the Disneyland way Microsoft suggests. What they are in fact saying is that "since the Disneysoft is secure, you can trust everyone there". The things you normally tell kids to do, like "never take candy from strangers", are no longer in effect inside the Disneysoft. Inside Disneysoft, you can take candy from anyone. What is the rationale behind this?
That "bad people" can't go inside? Wrong.
That "bad people", once inside, can't give you candy because "giving candy" is not an option? Wrong - if you own the box, everything is an option.
That if "bad people" do this, they will be expelled? Sure. They can expell all they want. That won't prevent them from coming back, and it certainly won't prevent your kid from being dead.

A last thought: People go around saying "what can happen? someone steals your save game? so what?".

Well, on one side, the XBox is being touted as a future "computing/internet/browsing platform". That means all kinds of sesitive information is going to get stored in its hard disk. And while having your save game stolen can be little more than a nuisance, having your personal data, personal files and credit card information stolen can be a bit more serious than that.

On the other side, the XBox has a network adapter. And guess where it is going to sit? Right on your home network. Together with your PC. Together with your other local devices. Probably inside your firewall? Great target for a hacker to attack and, from there, jump on to your private network. Sure, you can always firewall it, put it on a DMZ. Sure... Microsoft does not have a good security record.

Secure? No, just obscure...

[NewbieV]

eweek is linking to a report (PDF format) from a student at MIT detailing how Microsoft is using a hardware-based encryption key in the Xbox. The bad news? The key is identical in every unit.

Warranty void if you're rooted or get a virus

[morcheeba]

Section E of the warranty (page 18) says "Exclusions from limited warranty. This limited warranty shall not apply and Microsoft has no liability ... if the Xbox Product:" ... (section E5) "is damaged by programs, data, viruses, or files, or during shipments"

Not that you'd ever get one with the military grade security, but it's reassuring that Microsoft has no responsibility to do anything...