AfterDawn: Tech news

Don't sell your old Xbox 360! Hackers can still steal info even after reset

Written by Andre Yoskowitz @ 02 Apr 2012 2:40

Even though the consoles had been restored to factory settings, security researchers at Drexel University and Dakota State University were able to easily find credit card and other personal info.
Ashley Podhradsky, Rob D'Ovidio, and Cindy Casey of Drexel University, along with Pat Engebretson at Dakota State University, purchased a refurbished Xbox 360 from a Microsoft-authorized retailer and used a very basic modding tool to gain access to the previous owner's credit card info, even though the hard drive had been wiped and the console restored to factory settings.

Says Podhradsky: "Microsoft does a great job of protecting their proprietary information. But they don't do a great job of protecting the user's data. A lot of them already know how to do all this. Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity."

Microsoft says it is investigating the case: "We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims. Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."



If Microsoft is slow to come up with a fix, the college students say using Darik's Boot and Nuke (DBAN) will protect you.


12 user comments

#1, 2.4.2012 16:32

maybe some of the data is stored onto the jasper motherboard not all data is stored onto hard drive itself.

#2, 2.4.2012 18:12

lol if a hacker is buying old xbox's for CC#'s he is hard up. and i would hope using stolen CC's to buy these used xbox's.

#3, 2.4.2012 18:15

simple, don't sell ur harddrive

#4, 2.4.2012 18:52

I am interested in how this can be since no Credit Card or account data is saved on the XBOX when it comes to payment info anyway. I read that Microsoft is investigating the issue. This is always a risk when you sell or get rid of your old technology. If they are getting it from the hard drive I guess the whole rule of keeping the hard drive or using a secure wipe method applies to consoles then too. Unfortunately doing it to the console would make the hard drive useless unless it somehow can be reflashed to work with the console again.

#5, 2.4.2012 20:00

good thing i don't own one

#6, 2.4.2012 20:19

There are ways to format the drive to the point data can't be recovered...

#7, 3.4.2012 04:53

How would use DBAN on an XBOX 360

#8, 3.4.2012 05:16

maybe the microsoft team should hire the researchers to wipe out data and help improve the security on refurbished xbox 360s.

#9, 3.4.2012 10:46

Originally posted by Mysttic:
There are ways to format the drive to the point data can't be recovered...
Only partially true. In fact, the original data CAN, much of the time, be recovered, even after a multipass "wipe". This, however, is expensive (once you get past 10 wipe passes or so), so really is not an issue for fraud prevention.

Edit --> To put this in perspective, important data has been successfully recovered from HD platters that had been shattered with a hammer. Data forensics techniques can be startlingly successful.
This message has been edited since its posting. Latest edit was made on 03 Apr 2012 @ 10:48

#10, 3.4.2012 11:24
CharlesH1
Unverified new user

Originally posted by MckinneR:
How would use DBAN on an XBOX 360
I'm guessing it's similar to how you create a hard drive for the Xbox. The Microsoft HD is just a laptop drive in a case. With a boot disc you can put it in a laptop and make modifications.

#11, 6.2.2013 01:37
jking501
Unverified new user

I always just go to an actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.

#12, 6.2.2013 01:43

do

Originally posted by jking501:
I always just go to an actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.
you really need to bump this topic from 2012?
