What if……….. Internet Gaming Systems and Security

What if …………

My son has recently become a Call of Duty: World at War addict. For those of you not familiar with this popular game, it is what is referred to as a “first-person shooter” in which players collaboratively take on other players in global cyberspace. The game was first released for the Microsoft Xbox 360 and later for the Sony PlayStation 3 (PS3). I’ve done a little research on the sales of these systems and there are over 39 million Xbox 360 units and 33.5 million (not sure how you calculate a half unit) PS3 units worldwide, the bulk of these systems residing in the United States.

These systems aren’t much bigger than a college textbook and pack quite a punch from a hardware perspective. For example, the Xbox 360 uses an IBM-designed, 3-core Xenon processor, offers up to 250GB of storage, has high-performance graphics processors and holds 512MB of memory. Both of these systems have 10/100 Mbps network interfaces that allow voice, multimedia and Internet gaming. These systems are perfect tools for escaping reality and entering the electronic gaming world.

They’re also perfect tools for other subversive endeavors. My first experience was in early 2000 when a government agency requested that we add an Xbox voice parser for some software I was managing. The voice parser was required because drug traffickers were using the voice feature on the Xbox to coordinate the movement of drugs within a specific country. While I’m sure that this type of behavior continues, a larger concern of mine is the potential vulnerability of these units.

There have been specific hacks over the past 4 years that have allowed full access to these units’ hardware systems. While Microsoft and Sony have released software updates for these vulnerabilities and maintain a patching cycle for the units, the fact is that many of these units are exposed outside of protection mechanisms. Firewalls and end-user visibility into the security posture of the unit are non-existent. In fact, many of these units sit outside of home firewalls because of the perception that voice and game play are negatively affected. I don’t know if there is technical merit to this perception, but any system with a public, non-RFC 1918 address is an exploit waiting to happen. A couple of other attack vectors to point out are these systems’ ability to connect to home computers for media sharing and the centralized gaming service that interconnects and creates the Internet play experience. These are potential vectors that could negate a firewall-protected unit.

So with this, what if ……… only half of the 73 million Xbox 360s and Sony PS3s were compromised with a Distributed Denial of Service (DDoS) zombie?
