AfterDawn: Tech news

Don't sell your old Xbox 360! Hackers can still steal info even after reset

Written by Andre Yoskowitz @ 02 Apr 2012 2:40

Even though the consoles had been restored to factory settings, security researchers at Drexel University and Dakota State University were able to easily find credit card and other personal info.
Ashley Podhradsky, Rob D'Ovidio, and Cindy Casey of Drexel University, along with Pat Engebretson at Dakota State University purchased a refurbished Xbox 360 from a Microsoft-authorized retailer and used a very basic modding tool to gain access to the previous owner's credit card info, even though the hard drive had been wiped and the console restored to factory settings.

Says Podhradsky: "Microsoft does a great job of protecting their proprietary information. But they don't do a great job of protecting the user's data. A lot of them already know how to do all this. Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity."

Microsoft says it is investigating the case: "We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims. Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."



If Microsoft is slow to come up with a fix, the college students say using Darik's Boot and Nuke (DBAN) will protect you.


12 user comments

Comment 1 (2.4.2012 16:32)

maybe some of the data is stored onto the jasper motherboard; not all data is stored onto the hard drive itself.

Comment 2 (2.4.2012 18:12)

lol if a hacker is buying old xbox's for CC#'s he is hard up. and i would hope using stolen CC's to buy these used xbox's.

Comment 3 (2.4.2012 18:15)

simple, don't sell ur harddrive

Comment 4 (2.4.2012 18:52)

I am interested in how this can be since no Credit Card or account data is saved on the XBOX when it comes to payment info anyway. I read that Microsoft is investigating the issue. This is always a risk when you sell or get rid of your old technology. If they are getting it from the hard drive I guess the whole rule of keeping the hard drive or using a secure wipe method applies to consoles then too. Unfortunately doing it to the console would make the hard drive useless unless it somehow can be reflashed to work with the console again.

Comment 5 (2.4.2012 20:00)

good thing i dont own one

Comment 6 (2.4.2012 20:19)

There are ways to format the drive to the point data can't be recovered...

Comment 7 (3.4.2012 04:53)

How would you use DBAN on an XBOX 360

Comment 8 (3.4.2012 05:16)

maybe the microsoft team should hire the researchers to wipe out data and help improve the security on refurbished xbox 360s.

Comment 9 (3.4.2012 10:46)

Originally posted by Mysttic:
There are ways to format the drive to the point data can't be recovered...
Only partially true. In fact, the original data CAN, much of the time, be recovered, even after a multipass "wipe". This, however, is expensive (once you get past 10 wipe passes or so), so really is not an issue for fraud prevention.

Edit --> To put this in perspective, important data has been successfully recovered from HD platters that had been shattered with a hammer. Data forensics techniques can be startlingly successful.
This message has been edited since its posting. Latest edit was made on 03 Apr 2012 @ 10:48

Comment 10 (3.4.2012 11:24)
CharlesH1
Unverified new user

Originally posted by MckinneR:
How would you use DBAN on an XBOX 360
I'm guessing it's similar to how you create a hard drive for the Xbox. The Microsoft HD is just a laptop drive in a case. With a boot disc you can put it in a laptop and make modifications.

Comment 11 (6.2.2013 01:37)
jking501
Unverified new user

I always just go to an actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.

Comment 12 (6.2.2013 01:43)

do

Originally posted by jking501:
I always just go to an actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.
you really need to bump this topic from 2012?
