Attacking Game Consoles On Corporate Networks

A pair of security researchers speaking at DefCon demonstrated how video game consoles, which are becoming increasingly common break room or team-building toys, can open vulnerabilities in corporate networks. "[They] found that many companies install Nintendo Wii devices in their work places, even though they don’t let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don’t allow any devices with cameras). By poisoning the Wii, they could spread a virus over the corporate network. People have a false sense of security about the safety of these game devices, but they can log into computer networks like most other computer devices now. In the demos, the researchers showed they could take compromised code and inject it into the main game file that runs on either a DS or a game console. They could take over the network and pretty much spread malware across it and thereby compromise an entire corporation. The researchers said they can do this with just about any embedded device, from iPhones to internet TVs."

Re:Don't plug it to internet

[Lumpy]

It's also moot. It is far easier to get inside the building and install a trojan machine. Hell a sheevaplug is $99.00 and with the right stickers can be made to blend in behind any copier or printer silently sitting there collecting data and mapping things out and reporting home.

Hell the dual ethernet one in line with the right printer and it will be fed tons of great documents on the companies secrets that it can email home. sitting there ignored because it has a big HP printing sticker on it and reports as if its the printer... Even a super security guru would miss that one in all their security sweeps.