Gaming the Security – The New Generation of Consoles

With the Xbox One having landed in many countries, it’s time to have a closer look at the new console generation. The Xbox One is equipped with two virtualized operating systems, both running on a hypervisor: the core system for gaming and a slimmed down version of Windows 8 for the app landscape. It is also planned to make it compatible with apps originally made for Windows Phone. It will also be interesting to see the level of platform sharing with Windows 8 and therefore the compatibility for malware targeting existing Windows systems. This, however, is still something yet to be explored.

There have already been malware attacks on games consoles in the past: Trojans for the Nintendo DS and Sony PSP, as well as proof-of-concept attacks against the Nintendo Wii, in which the console was used as a door opener to breach corporate networks, as shown at BlackHat in 2010. That malware, however, was seldom seen in the wild and first required a “homebrew” firmware in order to execute pirated games; this is how the malware was disguised, and it was then spread via torrents and other file-sharing networks. This meant high barriers for malware authors and explains the low infection rates. However, the high interconnectivity of modern consoles, with apps for Twitter, Facebook, YouTube, chat tools and video conferencing tools like Skype, opens doors and makes them more vulnerable to attacks.

There are several factors to assess the risk of a device concerning malware attacks: the popularity of a device (read: how widespread it is), the feasibility of an attack and the possibilities to make money with it. As for popularity, the Xbox One is an interesting case since it is going to be made compatible with Windows Phone apps, for which no malware has been seen in the wild so far – probably because the market share isn’t large enough to lure cybercriminals. Its future compatibility, however, extends the target audience and might cross the threshold that changes that situation. As for the financial opportunities, so far only malware that bricks the console’s system had been spotted in the wild; something that doesn’t fit into today’s cybercrime business, which only targets systems to make money (on a side note, the first evil pranks that allegedly make the Xbox One backward compatible to play Xbox 360 games, but actually render the console useless by messing with the devkit, have already appeared). However, with modern consoles, things are a bit different. Since the makers of devices are increasingly including the possibility to install additional applications (and pay for them via credit cards saved on your gaming account) and social media interconnectivity to share the progress and achievements in a game for a “fuller gaming experience”, as well as offering decent hardware performance, consoles are in fact attractive for criminals.

All this offers a new playground for malware types like ransomware, which could lock up the console until a ransom is paid, Trojans that steal personal information stored on the device (login credentials for the online account or credit card information), or malware that abuses the hardware performance to mine bitcoins, as already seen on PCs.

Games consoles have clearly moved beyond just gaming. In a world where more and more devices and online services get merged and interconnected, it will be interesting to see what the future will bring and whether we will see the first major malware outbreak in console-land. This blog post is certainly not intended to spread fear, uncertainty and doubt, but just to offer thoughts that occurred to me when I read about the console specifics. Happy and secure gaming to all people out there who have already purchased a next-gen console or are planning to do so in the future!

Joe Buono

    Sorry about the necro, but I’m curious about something and your contemporaries on the web agree that you are the Go-To guy on this subject, Mr. Funk. Bethesda Games is opening their Creation Kit to the major consoles now, which I understand allows players of Skyrim and Fallout 4 to write mods/code on their PCs, and then port them to consoles via Bethesda.net. Do you think this will substantially increase malware threats to consoles? Given the number of bugs and glitches they allow to slip through their testing (and I do understand that much of this is due to the vast sandbox nature of their games), I’m not certain that I’m wholly comfortable with the idea of trusting my security to them alone.
