RE: Online Games Consoles and Security Implications

["Dom De Vitto" <dom () DeVitto com>]

When the dreamcast came out Fydor added the OS detection sigs to nmap.

So I guess at least a dreamcast doesn't have a built in firewall and
will respond in some way to uninitiated communications.

(obviously, ideally they should only permit communication to/from
servers they have initiated some kind of connection to already)

Dom

-----Original Message-----
From: John_Leitch () NAI com [mailto:John_Leitch () NAI com] 
Sent: Tuesday, May 21, 2002 9:23 AM
To: vuln-dev () securityfocus com
Subject: Online Games Consoles and Security Implications


Hi.
A strange but interesting thread maybe.......
With the advent of online consoles such as the XBOX (microsofts own so I
guess security could be a little weak, my own thoughts BTW) and the PS2.
What issues are unleashed that could have or cause massive security
implications for the home user. For instance: XBOX / PS2 can be
connected to a home LAN for access or they could be directly connected
via the broadband connectors.  I am sure there are no built in security
features for either platform.
Question:
Could the devices be used in anyway that could allow an attacker to 
a)      Crash said device
b)      Use device as a lever to interact between network devices
c)      Any other nefarious actions


Having not had the chance to PEN-TEST any of these as of yet I was
wondering what the online security groups thought of this.
FYI:  The Microsoft XBOX HAS BEEN hacked via a modchip (modchip allows
playback of CDR DVDR and all region DVD flicks) The PS2 has had the same
mod issues as above (only it took longer than the 4 weeks to hack the
XBOX) Thanks /John Leitch