Schneier on Security
A blog covering security and security technology.
« Powder-Sized RFID Tags |
| The Doghouse: Sniffex »
March 5, 2007
Xbox 360 Privilege Escalation Attack
Posted on March 5, 2007 at 12:43 PM
• 12 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"We have discovered a vulnerability in the Xbox 360 hypervisor that allows
privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
At least it's not a remote exploit. "Linux on Xbox360!"
Let's see, time to fix: 6 days. Stuff that merely inconveniences or destroys user's machines: Don't hold your breath.
Amazing how fast MSFT can fix things when they threaten control of "their" hardware.
But it makes remote exploits easier to write.
Doesn't anybody teach these guys about Gödel? And I don't mean his proof of god's existence.
It's really a shame that it's considered "an attack" to run the operating system of your choice on hardware that you purchased.
A few days to fix something threatening control of "their" hardware.. or Hollywood's precious "premium content." =:oD
"Windows has blocked an attempt to reformat your hard drive. Also, Windows Defender has detected a threat: Linux.2.6.*.Kernel. To protect your system, the following action(s) has been taken on your behalf: 100-pass overwrite."
Is it possible to avoid having the bug forcibly fixed? I.e., if I have one of the vulnerable machines, can I connect to the Internet and keep my ``vulnerable'' version? Or will the machine automatically upgrade without my consent (or even knowledge)?
Not if you use XBOX live service.
Its an attack from the perspective of M$ of course.
You shouldn't to too harsh. Hardware outside of PC have been like this forever. If it was legal, you wouldn't be allowed to use non ford parts to fix a ford for example. Also the little chips in print refills designed so that 3rd partys can't produce the consumables of HP/whatever brand printer.
Hardware control is the norm. PC's have shown us a better way. I think?
Back on topic, they have taken much longer than I thought they would.--Oh wait. You can mod chip em and do what you want with the hardware.
I'm not an expert on this kind of thing , haven't tried it and don't own a Xbox 360, but I'd bet that intentionally poisoning your own DNS and setting up Firewall outbound filter rules for non-game play protocols would block the auto-update feature while retaining the game play functionality.
Of course, they could require Xbox code/version checksum transmissions in the game play protocols, but by building game play proxies that monkey with it or manipulating the code of the Xbox to do the same thing (using the Privilege Escalation method) it should be possible to answer such questions with the expected updated value.
It all depends on how far and how much trouble you want to go to.
I find it interesting to compare how Microsoft handles XBox 360 and Vista - in terms of quality, support, and security. Rather than retype my blog entry here, I'll just post a link for folks who want to take a shot at why the differences exist:
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.