Wednesday, September 30, 2009

Project Natal & Xbox 360 Security

Microsoft recently, well not so recently anymore, June 1, 2009 @ E3 2009, announced their new project, "Project Natal" and their new "controller-free gaming experience." Even though it was announced a few months ago I just now found out about it whilst looking at Wii motion enhancing add-ons.

If you have not yet heard about it or seen the demo, then check out the multiple demos on YouTube here:


Anyway, all the articles discussing Project Natal, and the videos showing the capabilities of this device Microsoft is working on, discuss how "immersive" it is. It is true; as proof, look at how well the Wii has done for itself in sales because of its relative immersion quality and plain fun factor--the kids love it!

I mean, when you have a "game" that "recognizes" you by either your face or your voice as soon as you walk by, can greet you by name and "interact" with you, and can also detect your tone (according to the Lionhead demo) and even make 'eye contact', one has to wonder about security. However, from what I have seen, no one is worried, yet. I've searched for articles, thinking that perhaps someone may be a little concerned about security with this technology in your living room, and surprisingly found none. Granted, it was only recently unveiled, so perhaps it's still too new, or no one wants to jump the gun just yet until more details are released from Microsoft. But I am such a person, willing to speculate and perhaps even predict a few security risks that may present themselves through this new toy.

First of all let us look at what this device consists of:
  • Microphone (multi-array, to detect multiple voices/persons with noise canceling)
  • RGB camera
  • Depth sensor (obviously to get a better "image" of you 3 dimensionally)
  • IR + CMOS sensor (for those dynamic lighting conditions, even in the dark)
  • Feature extraction (with 48 skeletal human body points)
  • And network ready (presumably from the demo of conference chats through Xbox Live)

I don't want to drag this post out too long (we've heard that before), and I apologize now if I do; I tend to write in a train of thought. But these things need to be considered even if you don't care. Having this in your living room is no different than having a webcam installed on your computer, built-in or not. The potential privacy risk involves the obvious: someone hijacking your webcam to snap pictures of you, and perhaps using the common built-in microphone to eavesdrop as well. Report 1, Report 2

Even though those two reports are basically about someone taking video or pictures of you without permission, imagine how much more a device like the Project Natal device could do. We're not just talking about some fuzzy, out-of-focus pictures here. We're talking about being able to detect who is who by sound or video and facial recognition--even in the dark! Other than the potential risk of invasion of privacy through visual or audible eavesdropping, what other security risk could exist? That is up for speculation. We already know it could possibly be done on a regular Xbox camera if it could be done on a PC--after all, the Xbox is essentially a PC. It has software (the weak link here, after users), hardware, a GUI, a kernel and other critical "components."

As further reason not to take these ideas so lightly right away, take a look at the first Xbox, and how badly it did in the security realm. Not only did they use a Windows kernel and a similar boot process, but the circuit board's actual bus from the famous "south bridge" was hacked to sniff the code being passed over it. This was and is a hardware exploit. There were also the software exploits, where the saved games were not checked, nor was the data on the dashboard checked--which would result in possible buffer exploits. These are just two of the many exploits. The Xbox 360 corrected many of the easier exploits but some remained, for example the DMA attacks due to it not being encrypted and the infamous Hypervisor exploit.

It must be acknowledged, however, that Microsoft has taken good measures to keep these gaming console/PCs secure from remote hacking; in fact, most of these "exploits" are in the form of piracy, home brews and OS changes, not virus/trojan/code types. As regards their security measures, for example, the network it communicates with online is encrypted. With what? I don't know, maybe some custom SSL? I really don't know. Also, the network is obviously private. Another thing: the Xbox 360 basically has to authenticate itself before it's let onto this network; if it fails, you most likely will be banned due to modding etc.

Really, on a technical level, the only real ways to do any remote hacking like we do on computers are to first find a way into their network--which I believe would be damn near improbable; or find a way to impersonate and be authenticated as a 360 on their network; or formulate some sort of MITM attack allowing the real 360 to authenticate you; or modify the 360 to let you use it for your hacking needs, but then you also have to pass the mod checks; or somehow make use of the 'PC to Xbox 360' network capabilities. Then comes the problem of software to execute. Unless physically hacked, 360s will not execute software that is not approved, especially software that is not approved by Microsoft's Xbox Live Marketplace.

Pointing out those few security measures that do protect your consoles may make us feel warm and fuzzy. However, we can start crapping bricks when they make a web browser available to the Xbox 360. It is not unreasonable to conclude that security itself is a reason the 360 does not have a browser. Once it does, it will become very vulnerable to malicious 3rd party applications, enumerations and hacks. Maybe then it will be time for a new sub-market? Norton Anti-Virus 2009, Xbox 360 edition?

In conclusion, while Project Natal may not go all Skynet on us because of the security measures and, more fundamentally, the improbability of it, I believe it is shrewd not to dismiss such possibilities. When your Natal device is snapping infrared, 48-jointed, 3D-rendered images whilst taking vocal samples and retina scans of you and detecting your emotions through facial recognition, don't come crying to me that I didn't tell you. ;-)
