AfterDawn: Tech news

Don't sell your old Xbox 360! Hackers can still steal info even after reset

Written by Andre Yoskowitz (Google+) @ 02 Apr 2012 14:40 User comments (12)

Don't sell your old Xbox 360! Hackers can still steal info even after reset Even though the consoles had been restored to factory settings, security researchers at Drexel University and Dakota State University were able to easily find credit card and other personal info.
Ashley Podhradsky, Rob D'Ovidio, and Cindy Casey of Drexel University, along with Pat Engebretson at Dakota State University purchased a refurbished Xbox 360 from a Microsoft-authorized retailer and used a very basic modding tool to gain access to the previous owner's credit card info, even though the hard drive had been wiped and the console restored to factory settings.

Says Podhradsky: "Microsoft does a great job of protecting their proprietary information. But they don't do a great job of protecting the user's data. A lot of them already know how to do all this. Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity."

Microsoft says it is investigating the case: "We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims. Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

If Microsoft is slow to come with a fix, the college students say using Darik's Boot and Nuke (DBAN) will protect you.

Previous Next

Related news

 

12 user comments

12.4.2012 16:32

maybe some of the data is stored onto the jasper motherboard not all data is store onto hard drive itself.

22.4.2012 18:12

lol if a hacker is buying old xbox's for CC#'s he is hard up. and i would hope using stolen CC's to buy these used xbox's.

32.4.2012 18:15

simple, don't sell ur harddrive


Being nice always has its own consequences

42.4.2012 18:52

I am interested in how this can be since no Credit Card or account data is saved on the XBOX when it comes to payment info anyway. I read that Microsoft is investigating the issue. This is always a risk when you sell or get rid of your old technology. If they are getting it from the hard drive I guess the whole rule of keeping the hard drive or using a secure wipe method applies to consoles then too. Unfortunately doing it to the console would make the hard drive useless unless it somehow can be reflashed to work with the console again.


AMD Phenom II 965 @ 3.67Ghz, 8GB DDR3, ATI Radeon 5770HD, 256GB OCZ Vertex 4, 2TB Additional HDD, Windows 7 Ultimate.

http://www.facebook.com/BlueLightningTechnicalServices

52.4.2012 20:00

good thing i dont own one

62.4.2012 20:19

There are ways to format the drive to the point data can't be recovered...

73.4.2012 4:53

HOw would use DBAN on a XBOX 360


<a href="https://www.playfire.com/Yeaiflex"><img src="http://gamercards.playfire.com/_/psn/18892/0/7.png"></a><br><a href="https://www.playfire.com/">PSN Gamercards</a>

83.4.2012 5:16

maybe the microsoft team should hire the researchers to wipe out data and help inprove the security on refurbished xbox 360s.


custom built gaming pc from early 2010,ps2 with 15 games all original,ps3 500gbs with 5 games all original,yamaha amp and 5.1channel surround sound speakers,46inch sony lcd smart tv.

93.4.2012 10:46

Originally posted by Mysttic:
There are ways to format the drive to the point data can't be recovered...
Only partially true. In fact, the original data CAN, much of the time, be recovered, even after a multipass "wipe". This, however, is expensive (once you get past 10 wipe passes or so), so really is not an issue for fraud prevention.

Edit --> To put this in perspective, important data has been successfully recovered from HD platters that had been shattered with a hammer. Data forensics techniques can be startlingly successful.
This message has been edited since its posting. Latest edit was made on 03 Apr 2012 @ 10:48

103.4.2012 11:24
CharlesH1
Unverified new user

Originally posted by MckinneR:
HOw would use DBAN on a XBOX 360
Im guessing its similar to how you create a hard drive for the Xbox. The Microsoft HD is just a laptop drive in a case. With a boot disc you can put it in a laptop and make modifications.

116.2.2013 1:37
jking501
Unverified new user

I always just go to a actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.

126.2.2013 1:43

do

Originally posted by jking501:
I always just go to a actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.
you really need to bump this topic from 2012?

Comments have been disabled for this article.

News archive