Bruce Schneier

 

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

About Bruce Schneier

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« Powder-Sized RFID Tags | Main | The Doghouse: Sniffex »

March 5, 2007

Xbox 360 Privilege Escalation Attack

Nice.

Posted on March 5, 2007 at 12:43 PM12 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Pat CahalanMarch 5, 2007 1:06 PM

"We have discovered a vulnerability in the Xbox 360 hypervisor that allows
privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
hardware access."

At least it's not a remote exploit. "Linux on Xbox360!"

Geoffrey KiddMarch 5, 2007 1:49 PM

Let's see, time to fix: 6 days. Stuff that merely inconveniences or destroys user's machines: Don't hold your breath.

Amazing how fast MSFT can fix things when they threaten control of "their" hardware.

UNTERMarch 5, 2007 1:58 PM

Pat,

But it makes remote exploits easier to write.

UNTERMarch 5, 2007 2:10 PM

Doesn't anybody teach these guys about Gödel? And I don't mean his proof of god's existence.

AnonymousMarch 5, 2007 2:18 PM

Unrelated, but congrats Bruce - number 31 of the 50 Most Important People on the Web:
http://news.yahoo.com/s/pcworld/20070305/...

bjimbaMarch 5, 2007 3:39 PM

It's really a shame that it's considered "an attack" to run the operating system of your choice on hardware that you purchased.

Fenris FoxMarch 5, 2007 5:55 PM

@Geoffrey Kidd

A few days to fix something threatening control of "their" hardware.. or Hollywood's precious "premium content." =:oD

"Windows has blocked an attempt to reformat your hard drive. Also, Windows Defender has detected a threat: Linux.2.6.*.Kernel. To protect your system, the following action(s) has been taken on your behalf: 100-pass overwrite."

hehe.. =;o)

Terry ClothMarch 5, 2007 8:00 PM

Is it possible to avoid having the bug forcibly fixed? I.e., if I have one of the vulnerable machines, can I connect to the Internet and keep my ``vulnerable'' version? Or will the machine automatically upgrade without my consent (or even knowledge)?

gregMarch 6, 2007 2:40 AM

@Terry Cloth

Not if you use XBOX live service.

@bjimba

Its an attack from the perspective of M$ of course.

You shouldn't to too harsh. Hardware outside of PC have been like this forever. If it was legal, you wouldn't be allowed to use non ford parts to fix a ford for example. Also the little chips in print refills designed so that 3rd partys can't produce the consumables of HP/whatever brand printer.

Hardware control is the norm. PC's have shown us a better way. I think?

Back on topic, they have taken much longer than I thought they would.--Oh wait. You can mod chip em and do what you want with the hardware.

DavidMarch 6, 2007 3:58 AM

@Terry Cloth

I'm not an expert on this kind of thing , haven't tried it and don't own a Xbox 360, but I'd bet that intentionally poisoning your own DNS and setting up Firewall outbound filter rules for non-game play protocols would block the auto-update feature while retaining the game play functionality.

Of course, they could require Xbox code/version checksum transmissions in the game play protocols, but by building game play proxies that monkey with it or manipulating the code of the Xbox to do the same thing (using the Privilege Escalation method) it should be possible to answer such questions with the expected updated value.

It all depends on how far and how much trouble you want to go to.

-Goodluck

Matt SaylerMarch 12, 2007 9:53 PM

@greg

I'm assuming you're not just trying to troll...

"Also the little chips in print refills designed so that 3rd partys can't produce the consumables of HP/whatever brand printer."

http://importance.corante.com/archives/2005/06/...

Bill McGonigleMarch 14, 2007 9:27 PM

I find it interesting to compare how Microsoft handles XBox 360 and Vista - in terms of quality, support, and security. Rather than retype my blog entry here, I'll just post a link for folks who want to take a shot at why the differences exist:

http://blog.bfccomputing.com/articles/2007/03/06/...

Post a comment




E-mail is optional and will not be displayed on the site.


Remember Me?


Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Powered by Movable Type. Photo at top by Geoffrey Stone.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Subscribe
Atom Feed Facebook Twitter E-Mail Newsletter (Crypto-Gram)
Subscribe via Kindle
Blog Menu

Search

Powered by DuckDuckGo


blog only
essays and op eds only
whole site

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D

Tags

more tags

Support Bloggers' Rights!
Defend Privacy--Support Epic
Latest Book
Liars & Outliers
more books by Bruce Schneier