Schneier on Security
A blog covering security and security technology.
May 10, 2006
When "Off" Doesn't Mean Off
According to the specs of the new Nintendo Wii (their new game machine), "Wii can communicate with the Internet even when the power is turned off." Nintendo accentuates the positive: "This WiiConnect24 service delivers a new surprise or game update, even if users do not play with Wii," while ignoring the possibility that Nintendo can deactivate a game if they choose to do so, or that someone else can deliver a different -- not so wanted -- surprise.
We all know that, but what's interesting here is that Nintendo is changing the meaning of the word "off." We are all conditioned to believe that "off" means off, and therefore safe. But in Nintendo's case, "off" really means something like "on standby." If users expect the Nintendo Wii to be truly off, they need to pull the power plug -- assuming there isn't a battery foiling that tactic. Maybe they need to pull both the power plug and the Ethernet cable. Unless they have a wireless network at home.
Maybe there is no way to turn the Nintendo Wii off.
There's a serious security problem here, made worse by a bad user interface. "Off" should mean off.
Posted on May 10, 2006 at 6:45 AM
• 103 Comments
I'm with you there Bruce - I certainly would not want my games updating when the console is off - it's bad enough updating when the ruddy thing is on. The number of bugs that have appeared in games because of patches is ridiculous.
I just saw a presentation from Intel yesterday, and they described the same functionality in their new PC processors.
They call it "vPro". It's an extension of wake-on-LAN, and it basically allows IT managers to access / query / upgrade PCs on the corporate network, even if the PC is "off" or if the O/S has crashed!
This is what power strips are for!
I agree. It's like my stereo at home, and the one in my wife's car. They have a mute button that does not turn the sound off, just lowers it a little (yes, I know that's the definition of "mute") but it still irritates the heck out of me.
I suspect it won't be as bad as it sounds. For example, if you press the power button on the front, the PlayStation 2 goes into standby mode, shown by a red LED; if you want to turn it off completely, there's an easily-reached power switch at the back. I imagine that the Wii will have something similar, though we won't know until we see shots of the port arrangement (something that will probably turn up quite soon).
Somehow, I doubt that Nintendo is looking to deactivate games or some other DRM-like trick. Their market is younger players and destroying a game or save games would make kids (and parents) avoid Nintendo in the future.
It would be an expensive mistake to make and unlike Sony or Microsoft, they don't have much of another business to fall back on.
"The number of bugs that have appeared in games because of patches is ridiculous."
I believe that it still compares favorably to the number of fixed bugs.
Furthermore, in most online-games (e.g. WoW), you won't have a choice to run anything except the up-to-date version.
Under these circumstances an update transparently in the background when the system is otherwise inactive may be preferable to downloading/installing it when you want it least: At the moment you are connecting to actually *play* the game.
While I agree with the risks you point out (security, unwanted updates), more and more products today don't truly turn off when you press the power button. Your VCR never did, your cable box doesn't, and even your DVD doesn't shut all the way down. Welcome to the new meaning of off.
Agreed about your main point, but with regards to how people are conditioned to think of "on" and "off": Haven't certain kinds of home electronics been like this for years, if not decades? VCRs remain "on" when turned "off", using just enough power to remember when they're supposed to wake up and start recording. They are never really off, except when they're unplugged, and I think the public is probably used to that by now.
I think the statement "'Off' should mean off" is one of those dogmatic statements that loses meaning when you examine it closely. If "off" always meant off then you couldn't turn your television on with a remote control. You turned it off, how's it going to receive the remote command and turn back on? Even pressing the off button on the front of your computer (the little circle with the line going through the top of it) is really putting it into a standby mode.
'There's a serious security problem here, made worse by a bad user interface. "Off" should mean off.'
I assume TiVo faced a similar issue, and they decided to have no off button.
Dish Network's satellite receiver is the same way. In fact they instruct you to turn it "off" at night so it can upgrade its firmware. It also calls home to report PPV usage while "off", assuming you keep the phone line plugged into it.
Bruce was fairly clear on the distinction between 'off' and 'standby'. Yes, VCRs and most modern electronics are designed to go into a standby mode. In my experience however, they are usually well labeled: my Sony PS2 has an LED on the front bezel labeled "standby," as did my JVC television (not replaced post-Katrina), NAD stereo amplifier, and off-brand laptop.
The key point here is that the old meanings of 'off' and 'standby' are gone with new devices such as Wii and Tivo. The distinction between the terms for normal users has never been clear. Parents always tell their kids to, "turn the TV off." With these new consumer electronics, that means that the devices are still connected to the Internet and potentially performing major changes to themselves. Microsoft Update doesn't pull your computer out of standby and connect to the Internet to download and install new software and security patches; not yet anyway.
Why not call it "Update Mode" rather than off?
There is also a power waste problem. If everybody turned OFF (not standbyed) all their electronic gadgets (TVs, VCRs etc.) when they are not in use, there would be a power saving in the US equivalent to the output of several nuclear power stations!
I wonder what the cost would be to devices if they switched to non-volatile memory to hold onto critical information (like TVs keeping favorite channel listings, for example) with a lithium-ion battery-powered timer for those devices that actually need to handle scheduled events. Having my devices actually turn off would be a nice change.
They could at least rename the "Off" switch:
Ford flipped the switch which he saw was now marked "Mode Execute Ready" instead of the now old-fashioned "Access Standby" which had so long ago replaced the appallingly stone-aged "Off".
(DNA, So Long And Thanks For All The Fish)
"If everybody turned OFF (not standbyed) all their electronic gadgets (TVs, VCRs etc.) when they are not in use, there would be a power saving in the US equivalent to the output of several nuclear power stations!"
I'd say it'd be equivalent to the sun's output for .00000000000000000001 seconds.
To those mentioning that lots of devices actually go into standby when they are 'off', you're missing the point: my TV doesn't have updates and "surprises" (Nintendo's word, here) delivered while it is on standby.
The problem is that people are trained, for the most part, to think of "off" as "offline" (even if they know it's on standby); on the Wii, "off" is not offline -- and it raises the question "what if I don't *want* those updates and surprises?" Sure, there are power strips, but what do I lose by unplugging the device?
And it's not just updates, either: according to Nintendo, people will be able to "visit your town", which I can only imagine means access data stored on your Wii. (Ok, that sounds pretty funny out loud...) The implication that the public might be able to access a device when it's "off" raises some serious ickiness.
From the cool-features point of view, this sounds really wonderful. I think that from the security side it should be viewed as an opportunity rather than a danger: how do you make a device secure against the attacks you want it secure against when it's always attached to a network? For that matter, how do you handle software updates and memory leaks and all manner of other transitions when there's no guarantee a machine is going to be power-cycled or even restarted in any arbitrary period of time?
Of course as someone who has never owned a game console this is easy for me to say. But if Nintendo can make a system robust enough to do what personal computers can't (I know people who put off upgrades for months because they don't want to recreate complex state on their desktops), then more power to them. And if they can't, their experience will be instructive.
I agree completely with those who state that we are not talking about efficiency or convenience, but rather, about reduced control on the hands of the consumer.
People should have control over what personal information these devices can transmit to third parties, and what "surprises" can be installed in their property (because we are talking about *buying* a Wii, not *leasing* it) without their knowledge (or even without their consent).
However, this goes beyond the "off" button. If the device will update itself without notice, silently send information to random destinations (for instance, sniffed traffic on an internal LAN obtained through a hacked device), or accept and install updates from possibly supplanted sources, it will do so when it is turned *ON* as well.
The point is to prevent the thing from doing it at all, either when 'on' or 'off'.
From what I understand, the Wii has no Ethernet port – it’s wireless only.
For what it's worth, I never really knew all that stuff actually didn't turn off. I kind of suspected it, since I couldn't understand how a remote could turn a TV on if the receiver wasn't getting powered, but I didn't let it worry me too much.
I think you all might be taking the "consumers know off doesn't really mean off" thing a little too much, since I'm a fairly knowledgeable consumer and at 21 years old all my electronics have likely been doing this all my life. I'd wager that most consumers really do think that off really means not drawing power and not active in any manner, or at least think of it like that even if they know better (I think the term "false consciousness" might apply here, but then again I hated sociology).
remember the wisdom of humpty dumpty, the issue isn't the meaning of individual words like "off", it's "who is to be master, that's all."
dudes and dudettes, your mastery over your appliances, cars and other objects you purchased outright with your own money seems to be in play now.
future home design will meet the challenge of future technology: faraday closets!
You know, when you hang up your phone at home, you only think it is 'off.' It is really just in a 'listening mode' where by 'the powers that be' are listening to you talk, the TV you are watching, etc. Have fun!
"visit your town" does not mean access your data. They were talking about Animal Crossing - and it really means - visiting your town in the game.
>>I'd say it'd be equivalent to the sun's output for .00000000000000000001 seconds.
That has not stopped the states and the UN from looking to stick fingers in:
I was told years ago (before the 911 paranoia) that the EU standard for phones included (usually not implemented) a feature for remote turn on of the phone for listening, even though it was on hook. I wonder if this has made it quietly into new production models.
I think you are reading too much into this.
It is probably NOT on the Internet. But it uses the internet connectivity when it comes back up to create the illusion that it was: Things happen, worlds change, etc.
Nintendo has already done games with a real-time-clock component (different things happen at different times of the day): using the net just extends this: you check when the game powers on to see what has happened.
Is everyone assuming it won't have a powerful firewall to block that "unwanted" stuff? Or perhaps that Nintendo isn't stupid and certainly won't deactivate games?
when's the last time you actually saw an electronic device that said "Off"? Mine say "power" at best, a circle with a line in it normally.
So are you worried that nintendo will be uploading Porn to the Wii?
I think you are being a little bit too worried about this.
Nintendo will obviously place security measures just like the X360. I trust Nintendo to use some good encryption techniques. But think about this, the Xbox-360 dashboard shows pictures or advertisements of the Xbox Live market place. It's the same deal.
I don't think that any of this is relevant. Because Nintendo will be able to update your console without you having it on. Microsoft can update the 360 while it's on, so Nintendo is making the update process unnoticeable. Innovation is what Nintendo does best. This new feature I find to be quite welcome.
Years ago, the place I worked had a "fire" in the data center. When the fire department arrived, and they received assurances that the power was cut off to the data center, they entered, and were shocked (almost literally!) to find that lots of blinky lights were still on! It turned out that most of the equipment was on standalone UPS devices, which obediently kicked in when the master power was cut off.
Now, standalone UPS is either banned in the data center, or it has to be connected to a "positive power off" button at the Security desk (that would be the "When I said 'Off', I meant 'OFF', dammit!" button.)
Hey monkeys....just don't connect it to the internet, there is your "off".....problem solved....now quit complaining....
I think this is a bit overreacting. Nintendo will still allow you to turn off your Wii. You will also be able to let it go into standby mode which is what they are talking about. For all of us who feel comfortable in our tin foil hat we would never allow a proprietary network connected device loose on our networks without taking precautions. My videogame systems are on a separate subnet, get specific firewall rules and I can even tell my switch to turn off those ports at specific times.
People this paranoid should probably buy a board game instead.
Battleship is a good one - all you have to worry about is the opponent cheating...
My TiVo already has an "off" that isn't "off". The solution? A firewall that not only prevents unwanted data from coming in, but also private demographics from going out.
There will most likely be plenty of options in the OS that allow one to disable autoupdates, or perhaps disable WiiConnect24 completely so that it does turn off.
Umm, I get the problem of "newspeak" and the issue we have in redefining words but the fact is languages evolve all the time. New words are born, old words die, and others take on new meanings.
I think the biggest concern about this, the moment I heard the Wii will be online 24/7, is the possibility of millions of Wiis becoming zombies when somebody figures out how to communicate with them and ... oh, look, a buffer overflow ...
the subtlety of the problem has obviously surpassed your limited reasoning faculties. if your device is wireless-enabled and your neighbor has a wireless system, your device could well remain connected to the internet even after you have unplugged all cables and lines and attempted to turn it off. now do you get it?
I've been noticing this for years. Even my computers, the last few I've had, have had scheduled startup ability. It bothers me that my computer can turn itself on!
All those "robots/technology become intelligent and take over the world" stories were never possible before because of that simple switch which made a satisfying "click." Now… anything could happen. Or, more realistically, a virus could have millions of devices turn on at night to form a powerful botnet.
Reading the specs it seemed to imply that 24 hour mode (which may be the default, may not be) could also be turned off. Therefore if you didn't want it to connect to the internet while you weren't playing, it won't. Seems sensible to me.
"This WiiConnect24 service delivers a new surprise or game update"
Oh, that's why I never liked surprises. Now I remember why that is. :)
As mentioned somewhere above, the TiVo also does not have an 'off' button. What wasn't mentioned, but is also comparable to the Wii is that the TiVo also automatically downloads updates when it's "off", some of which have added undesirable features and have removed desirable ones in the effort to exert control over the usage of the TiVo.
Something that can be done with the Wii that's not so useful with the TiVo is to simply plug the Wii into a power strip and use the power strip's OFF button to completely cut power to the Wii. It's off now. It has an off button. Problem solved, yes?
Also, since it's mentioned above that the Wii is wireless, something that a savvy owner can do which might limit the Wii's nocturnal exploration of the Internet would be to set up access rules on your wireless router which limit the times at which the Wii can use the internet connection. Chances are, however, that the Wii will simply retry the update over and over until it finally has a connection.
The real solution is to know in advance that its creators can do whatever they like to the Wii after you've already purchased it and can do so whether you like it or not, whether you agree or not. And, realising and understanding this information, you need to decide if you really want the Wii despite these things. If not, then DO NOT BUY IT.
If what you want is the Wii and all its nifty features, but without the ability to update without your permission, then what you need to do is NOT buy the Wii until it's changed into something you will buy. OR buy a competing product that has the features you like and lacks the failings you hate.
If you complain about the Wii *but still buy it*, its creators *still* have your money! What motivation do they have to change it if all they need to do is ignore you and yet they still get your money?
I love how threads regarding videogames and videogames systems immediately attract non-security posts.
> I trust Nintendo to use some good encryption techniques.
This is a bad security stance. As JimboBillyBob pointed out, the threat is that millions of Wiis become zombies when somebody figures out how to communicate with them and exploits a buffer overflow. As an individual, you have the right to trust Nintendo.
However, the general Internet community has a right to point out that this is bad security, especially given the fact that when some worm virus does hit Nintendo Wiis (or Xbox360s or the new Playstation 3 for that matter), the resulting traffic storm will DOS our collective network connection(s).
I think you grossly mislead here ... I don't expect my alarm clock to be "off" when I turn it "off". I don't expect my VCR/DVR to be off ... it's the only clock in the living room. I don't expect my microwave to be "off" when I hit "off" ... it's the only clock in the kitchen.
Perhaps Nintendo should put an LED clock on the front ;-)
"Something that can be done with the Wii that's not so useful with the TiVo is to simply plug the Wii into a power strip and use the power strip's OFF button to completely cut power to the Wii. It's off now. It has an off button. Problem solved, yes?"
There is this solution, but also from the specs page the WiiConnect24 service can be disabled, I think this solves the whole thing quite nicely?
I wouldn't be worried about a battery. The Wii lacks the form factor to house a laptop-style Li-ion battery, which it would most definitely need to operate a wireless card. They don't run too well off of AAAs. That, and it'd just be inconvenient. I'm also fairly certain that they'll stick something in the BIOS or firmware to disable it. (In fact, I'd imagine the FCC would mandate such a feature).
This is silly. Most electronic gear only goes to stand-by when they are "off". Like TVs that respond when you use the remote despite them being "off". Heck, even cell phones are not off when turned "off". Otherwise how would they ring their alarm clock when off?
It's a big waste of energy everywhere but most electronics behave like the Wii. The big deal is that it'll call home when on stand-by. But that's easily solved. It certainly will be optional and for the energy savings power strips make sure "off" is off.
> It will certainly be optional
As others have said here, the service can be disabled, so in one sense it is "optional".
However, "enabled by default" is not the same as "disabled by default". Have a service be "enabled by default", and most people won't turn it off, for many different reasons. Some people won't be aware that it's on by default. Others won't understand the implications. Some won't care enough to turn it off. Others trust their vendor, and would turn it on in any event.
If you have a desktop PC with network plugged into an Ethernet card, take a look at the card after you have shut down the PC. Chances are you will see a green light showing that the network is still active. The card still has power so that wake-on-LAN can work (if you haven't disabled it) and maybe other functions. "Shut down" doesn't mean "off".
All Nintendo have done is put in something like wake-on-LAN with a process that lets them (and hackers, no doubt) fiddle with the box remotely. At least they have been open about the fact that the facility exists.
If the service is opt in, there is no invasion of privacy. Take off your tinfoil hat you loon :P
Did you buy the Wii or did you license the Wii? If licensed, their terms apply.
"If the service is opt in, there is no invasion of privacy. Take off your tinfoil hat you loon :P"
Malicious use of hacked devices in zombie networks is not "opt-in". And its effect is compounded if you add an army of devices that not only allow, but *expect* to be remotely controlled and reprogrammed. If past experience tells us anything, it is that the vendor's understanding of security is that it is a necessary evil that needs to be addressed but are quite ready to throw it overboard if it gets in the way of users doing things as transparently and easily as possible. In my opinion, this system will eventually be compromised, and you, my dear Fartmonger, may never know what hit you.
I still remember when "OFF!" meant you wouldn't be bitten by bugs.
"If the service is opt in, there is no invasion of privacy."
This wins most ridiculous comment of the day.
That has reminded me that, as I remember, UL requires that the label read 'power' instead of ON/OFF where the device is not actually shut down.
This has caused issues at our site when some cards on auto detect misread the 10/100Mb bandwidth setting. Shutting down the computer did not force a reset of the card, only physically pulling the wire did that.
Many people have commented that other devices are actually on standby when off: VCRs, televisions, and so on. We know this is true because we can turn them on by remote control.
To me, the difference here is that the Nintendo Wii can be controlled via the Internet even when "off." It really is on, and not merely on standby waiting for a remote-control signal to turn "on."
What is ridiculous are the Luddites who think the Wii is the first device that has a placebo off.
There is definitely a difference between an appliance in standby (which awaits user input to resume operation) and this device (which awaits user input to resume operation and also awaits non-user commands to *change operational modes*).
Berkeley weighs in:
According to the researchers at Lawrence Berkeley National Labs up in the Berkeley hills, “Americans spend nearly $1 billion dollars each year to run their TVs and VCR when these products are switched off.”
That's a lot of Wii
No one thinks the Wii is the first to have what you call a "placebo off" (nice term, btw). The point is, as Bruce and I have both said earlier in the thread, it's not just on standby -- running a timer or receiving a remote signal -- it's *actively connected to the Internet* while it's "off", and Nintendo (and therefore, presumably, an attacker) can update the machine in this state.
The Wii's controller's "power" button is, in fact, the official symbol for "not really off" (broken circle with line through it). The user interface is correct. This is identical behaviour to hundreds of other devices out there as was already mentioned.
Wow. I'll be the first to admit to being a total Nintendo fanboy having owned most iterations of their game consoles from the NES up.
I currently while away all my time spent traveling (waiting at airports, hotels etc etc) fooling around with my DS that with its touchscreen and wifi and dual screens offers some really innovative games. And I can see the same thing happening with the Wii with its exotic controller (that others are now quickly 'integrating', see Sony PS3).
But dang! a machine that is off should be off, not go on the internet behind my back. Imagine the world when UMTS (or CDMA or whatever you call it) modems and connections become ubiquitous and get built in to all kinds of consumer hardware.
I never considered a VCR as going into "standby" mode. My mental model of how one worked is the same as how a lamp on a timer works. The VCR has a built in timer that turns it on when it needs to wake up. Once it's on, it starts recording. The VCR is incapable of waking up, unless I specifically tell it to. By default it does not wake up. As for the television -- as far as I'm concerned, it's off. My TV can't turn *itself* on, it needs me to hit a switch. Whether the switch is on a remote, or the TV is irrelevant as to whether the TV is off or not. Saying that a TV isn't truly "off" because it is able to wake itself up when the user hits the remote is like saying a light switch isn't off, because it has enough power to turn the lights back on.
So far, all the examples of popular electronics people have mentioned have still preserved the semantic meaning of off, except that they are drawing small amounts of power when "off". It sounds like the Wii does not do this, especially if by default it does complex updates when turned "off".
I wish more technical security people had a good grasp of interface design fundamentals.
Nobody has mentioned that the controllers also have wireless microphones in them. Guess I better not say anything bad about Nintendo, they might be listening while I'm not playing.
Well, as Bruce points out, the real issue is that, unlike all the VCR and cable box examples, the Wii is meant to be upgraded and controlled remotely via the internet. That is a huge difference. Even my home computer and laptop are actually 'off' when I turn them off - meaning Windows Update doesn't work. Not so the Wii.
I'm going to have to brush up on my PPC assembly language and get ready. There is going to be a lot of work soon removing rootkits and trojans from Wiis.
And if you don't think the guys and gals that frequent Milw0rm and various IRC channels aren't already figuring ways to exploit this doorway into a networked system, you are deluded.
I predict a Wii worm or rootkit within 10 days of release.
>> You know, when you hang up your phone at home, you only think it is 'off.' It is really just in a 'listening mode' where by 'the powers that be' are listening to you talk, the TV you are watching, etc. Have fun!
Shhh! The public isn't supposed to know about on-hook surveillance!
I unplugged my TV, and then tried to turn it on with the remote control. It turned right on.
"Maybe there is no way to turn the Nintendo Wii off."
Haha. Perhaps I am just in a silly mood, but talk about movie-plot threats...
and that is how yet another bad horror movie was born! Attack of the Nintendo Wii?
What if the Wii system's wireless, are we going to have to put it in a metal box to stop it from calling home?
..my iPod Nano (and I assume other iPods) can't be turned off, just put to sleep.
I'd rather wait another second to turn it back on properly after turning it off than have it 'spring' back to life while perpetually sucking battery power.
phizm: It is, however, POSSIBLE to truly shut down your 'pod through the debug menu (look it up), and it'll shut down to conserve power if you don't use it for a few days.
I'd probably allow my Wii to update, but if a hack appeared that wouldn't last. I also hate the massive power wastage that's happening here.
... A few weeks ago, I had a power outage. The power went on and off over a dozen times during the day (mostly off, though). I turned my workstation off using the switch at the back.. I turned my firewall box off, which has an old fashioned toggle-pushbutton, unlike newer machines.. I turned my backup server off, too, but the thing with that machine is that the power supply has no switch - It's basically, "always on"..
After the power company was done flicking all their switches, I again powered up my boxen.. firewall booted up.. workstation booted up.... server... oops... power supply fried from all the surges on the line.. hmm, yup, motherboard fried, too.. If it only had an off switch (or if I'd been less lazy and unplugged it), I'd still be running that server..
"Standby" mode is popular because it gets marketroids excited. "It slices, it dices, it minces!" "so does everyone else's product." "ah, but this one does it EVEN WHEN IT'S TURNED OFF!" "OMG! REALLY! That's AMAZING!" "Yeah, just think what it'd be able to do when it's ON... I won't tell you, though, I'll just let your imagination come up with something crazy... for legal purposes, you understand."
dang it... I forgot to use the word "Whizzbang"...
It's off the way the TiVO is off. Which is to say, it's never off, unless you've pulled the plug.
It recently occurred to me that the landline is used to A) call and receive calls from grandparents; and B) so the TiVO can phone home. Hmmmm....
I justify the TiVO's intrusiveness by imagining myself to be a member of the New Nielsen-TiVO Generation. Is this good or bad? I don't know.
Will the Wii report on how often it is played and which games are played? What else can it do? "Your game console is watching...."
How long until the Wii starts scanning your home network and wifi neighborhood for people sharing pirated files?
How long? Immediately after you put your tinfoil hat back on.
Get real, it's a game system, and they're making it convenient. When's the last time you got a virus on your GameCube?
When's the last time you entered ANY personal data on your GameCube?
Most people leave their computers, with no anti-virus or firewalls, connected to the internet and powered on (not even in a sleep mode) 24 hours a day. I really think that's more of a security issue than the concept of a console game system downloading updates when it is not being used.
I realize Nintendo doesn't have big music or movie ties like Sony, but Sony's spyware was once something you'd think of as "tinfoil hat" too. Sony's software installation was unauthorized - but what if the console vendor included said software in the official release?
> When's the last time you got a virus on your GameCube?
The main reason there is (so far as I know) no malware for GameCubes in the wild is that the great majority of GameCubes are not networked. On the other hand, Nintendo DS is an even simpler game device which IS networked, and guess what, already there ARE viruses attacking the DS. The Nintendo Wii will be networked and always on. It will certainly be attacked.
> When's the last time you entered ANY personal data on your GameCube?
This attitude is both short-sighted and selfish. It is short-sighted because you see the issue of the day as identity theft and ignore other security risks. For example, most malware simply trashes systems out of spite. How happy would you be if your Nintendo console was turned into a piece of useless junk by malicious software? It is selfish because even if a computer system has no worth at all to its owner, if it is networked it can be used as a base for attacking other people, so not caring about its security makes you a bad neighbour.
> Most people leave their computers, with no anti-virus or firewalls, connected to the internet and powered on (not even in a sleep mode) 24 hours a day.
Yes, and you are right that it's a more serious problem -- but it's a known issue we have already discussed often, and doesn't mean we can't discuss other security problems, and perhaps even try to get them fixed *before* they are sold. (It's much easier to fix problems in a system before it is deployed.)
This will apparently be optional though, or at least something you can disable through an option screen. So it won't be REQUIRED.
"Get real, it's a game system"
Unfortunately, it is not only that. It is a full-fledged, network enabled appliance that can do almost everything a PC can do, but that is much more opaque to the user both in its workings and in its interface. And depending on the precise way it updates itself, it might be a way to circumvent a firewall.
"On the other hand, Nintendo DS is an even simpler game device which IS networked, and guess what, already there ARE viruses attacking the DS."
Source? The only news vaguely related to the DS and viruses I've heard of is a trojan (downloaded via a PC) that erases third-party DS hacking tools (connected to said PC).
"Get real, it's a game system..."
It's also an Internet device. Which means that it could be a DDos Zombie, a spam bot, or a dozen other things.
Game systems are looking more and more like computers every day. How long before there's a conventional web browser for your Nintendo Wii? And how long after that before people start doing their Internet banking on the box?
Welcome to convergence. Everything is everything, and nothing is only "a game system."
There was a court case a few years ago where it came out that the FBI had prevailed upon an (unnamed) provider of Onstar type service to actually let them listen into conversations in the car of a targeted individual. It came out primarily because the company initially resisted, not because of privacy but because of bandwidth and technical problems, but eventually cooperated.
What we don't know is how many other times this has happened.
Almost every recent computer system is like that. Palms have always been like that. There is no way to turn off a Treo. It does not exist, short of removing the battery.
>> When's the last time you entered ANY personal data on your GameCube?
>This attitude is both short-sighted and selfish.
I agree Roger. And wrong. The GameCube is highly likely to have some kind of ID, whether it be a token or something similar (just like every other network device).
With a million ways or more to put credentials on a networked device and have it link directly back to your personal identity information, you might think the danger would be obvious.
The question is whether the GameCube provides a doorway into other areas with sensitive data, not just whether the thing itself has all the data in the world on it.
Sometimes, even an on-off switch might be lacking. Years ago, there was a review of a smoke detector. This detector used power from a light socket. In addition, there was a rechargeable battery inside the detector. However, there was no easy and obvious way to remove the battery. Situations did happen where the alarm would fail to stop sounding. Assuming the battery had a charge, the detector had to be removed and wrapped in a towel to shut out the noise. (Imagine having a permanently installed device of that nature.)
>>On the other hand, Nintendo DS is an even simpler game device which IS networked, and guess what, already there ARE viruses attacking the DS.
amongst others. They overwrite boot flash on (and thus effectively destroy) modded consoles only.
(And to be pedantic, yes, I should have said Trojan, not virus.)
hmmm, interesting comments about the game itself, but, what about when Jr. turns the game "off" and enters an rf sensitive area visiting a patient in a critical ward in a hospital, oops sorry doc, false alarm, it [the alarm] seems to go "off" whenever the kid walks by. And, what does it mean when an alarm goes "off", I've never heard of an alarm going "on". Hmmmm Maybe I should think more about this on the airplane, will the wii cause the plane to go off course and crash as the airlines contend?
I doubt Nintendo would make it that you can't take the thing completely off. I'm sure you can choose to put it in standby, or choose to turn it off completely. The WiiConnect thing only runs in the standby mode - this doesn't mean off.
This follows Alan Foster's comment on May 10.
Yesterday I saw (presumably) the same vPro presentation. One part of it is a virtual machine completely isolating the user s/w stack from the h/w, the other a processor and "tamper-resistant" flash memory next to the NIC and in full "super user" control of the VM. The flash contains vital info about (all) the computer's s/w, version included, the processor receives remote management commands. It works even with the computer "off", once a vPro activation code is given.
An example referred to s/w patches applied this way, with the patch application protocol being "s/w-vendor dependent" and "hard to be discovered" by bad guys.
The whole IP traffic will be out-of-band, so it will not affect user traffic-- also it will be completely undetectable by the user, but this last thing was *not* mentioned by the speaker.
The IP packets will be encrypted. When I asked in what way he answered "PKI". I expected an answer like RSA/AES/whatever, with N-bit keys and I actually had to google this to make sure it was the nonsense answer I thought it was (yes, nothing other than Public Key Infrastructure came up).
The answers to my questions were that the encryption would be "hard to break", requiring "a 200000 euro stack of machines to break one packet in two days' time" and "very few people in the world can break an RM program's protocol in order to break into a vPro machine" and "no security system is 100% proof" and blah blah blah.
Computers being vulnerable while being online was not enough, now they will stay that way even when they are "off".
Not to mention that I see this as a prime candidate for spying on machines even when their users think they are powered off, by anyone who can, with whatever means they can use, for whatever purposes they may have, and with the extra bonus of being completely undetectable by the user (and the evidence they gather may even be admissible).
I do not think that even being able to check the vPro flash (*if* this is allowed) would make any big difference to the computer user.
All this in the pretext of easy, powerful and flexible RM.
Thank god that for the time being this "feature" comes deactivated by default.
Nintendo will probably have a system like Animal Crossing for the DS has: you can choose if you want to receive downloads or not, and in my mind you all don't know how the systems of anything that updates when it's off, so if you don't like it, don't buy it.
Listen, are you guys worried about dumbass hackers? Solution, don't put anything private in the Wii. The only thing I think I'll worry about is hackers killing your Wii. And I'm sure Big N will have no choice but to increase security and fix your Wii. I don't see what a Spy can gain from peeking in someone's Wii. Why do you want to be inserting personal data in a Wii?
Off, Standby, Power, all that is just annoyingly the same. It's going to just waste a small lightbulb's energy. If you're concerned about wasting money on electricity, why are you even buying a Wii? Look, you're worried about
It's like an internet browser in Wii, but you should understand that you don't know anything about the protection on the Wii. Don't be stupid and go to your bank's website to check something or read your email. Go on Google and like go search for porn. No doubt it has less protection than a real computer.
If you're like a hardcore gamer that hacks to get things done your way. Remember this, it's at your own risk. Wii is for gaming, not to discuss bank statements and your social security number. Wii's giving us more to enjoy, like chatting, BUT CHAT ABOUT GAMES not the girl down the street who I like to do 'things that would be blurred on TV' with. And it's also giving us expanded multiplayer. After all, it's what it's being called. Wii = We = Us = More than one = Two i's to represent two (or more) people! We have a videogame identity and a human identity, DON'T GET THEM CONFUSED!
Look, I don't know anything too, too, advanced regarding computers, in fact I just stumbled on this from Wikipedia. But I'm just saying... SWEET MONKEY JESUS!!! USE COMMON SENSE!!!
Don't expect any more responses from me. Criticize me all you want, just this was all spur of a moment. I'm only giving you something to think about. But read carefully and try to figure it out.
"I don't see what a Spy can gain from peeking in someone's Wii."
How do you suppose you buy the games for the previous consoles and play them on the Wii without putting your credit card information into it?
People, get over it, the console CAN be completely turned off. There is an option in the setup menu of the Nintendo Wii to have it either run on standby, or completely off. Full stop.
IF you hold down the power button, the light goes from 'Yellow' to 'Red' meaning the system is now off.
So there IS an off.
"If users expect the Nintendo Wii to be truly off, they need to pull the power plug"
Granted, this comment was made ages ago, but it was still a bit of a silly conclusion to come to. It is stupid to think that a company like Nintendo couldn't think to put a 'turn off WiiConnect' feature somewhere.... Bloody Sony fanboys.
Hey all of you! The Wii does indeed give you the option of turning WiiConnect24 off or on in the menus. It even lets you shut off net access completely if you really want to. (I'm using mine to type this comment now and I can assure all of you, my firmware/games are Not being messed with.) Net access is completely optional but your Wii should be fairly safe if you're behind a properly configured NAT firewall anyway... P.S. the only problem I have so far is this onscreen point to type keyboard... :-)
After unplugging all TV's VCR's, and computers, toasters, etc the electric bill went from over $80 down to $60.
Simple rule: Anything that can be turned "on" with a remote is never really "off".
I still don't get it. If you unplug the Wii system does it lose its memory? I want to be able to bring it to a party but I don't want it to lose its memory. I would think it would keep its memory in case the power went out or something.
Am I the only one smart enough to know that you hold the power button on the console for a mere five seconds to turn the Wii completely off? Besides, anyone who has a wireless router has at least some protection from intruders. Furthermore, power drain is MINIMAL. You use more power leaving your non-essential kitchen appliances plugged in overnight than the Wii. You should be more concerned about conserving water than this minute amount of power anyway!
*Written via Wii internet*
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.