Used Xbox's Can Be Hacked for Credit Card Info

[dc89]

Restoring an Xbox 360 console to factory settings before selling it apparently isn't enough to remove your personal information. In an interview with Kotaku, Drexel University researcher Ashley Podhradsky said that her team had successfully retrieved credit card data from a refurbished Xbox using simple modding tools. The software gave them access to the console's files and folders, letting them extract information that hadn't been wiped even by the Microsoft-authorized reseller.

The process was published in the August 2011Proceedings of the America's Conference on Information Systems.
Podhradsky says that Microsoft "does a great job of protecting their proprietary information. But they don't do a great job of protecting the user's data." In particular, she singles out what she sees as a long history of misleading information. "When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that's not accurate — the data is still available." Fortunately, it is possible to sanitize an Xbox hard drive by hooking it to your computer and running a program like Darik's Boot & Nuke, she says. Podhradsky does not appear to have published research on other consoles, though, so PlayStation 3 or Wii users might want to wait before calling out Microsoft for poor security.

http://www.theverge.com/2012/3/30/29...-hack-research

Be careful how you handle your old Xbox!

[F34R]

I still have my old one. I wouldn't get rid of it for precisely this reason. However, you can completely destroy it and render this problem mute.

Microsoft responded:

We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims.

Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.

http://www.joystiq.com/2012/03/30/mi...credit-card-i/

[Dennis Dyack]

Sounds like BS to me. No credit card info is stored on the machine itself. Now perhaps they can get the gamertag and log in info but I don't think that would get you the credit card info.

Sent from my DROID RAZR using Tapatalk 2 Beta-4

[keefy]

You know how this works?

Idiots thats how.

The idiots leave their live login on the console with the passwrd remebered.

[radgamer420]

You know how this works? Idiots thats how. The idiots leave their live login on the console with the passwrd remebered.

That would be my guess. Interested to see the results when MS is done looking into this.

[Chille]

You know how this works?

Idiots thats how.

The idiots leave their live login on the console with the passwrd remebered.

Actually its pretty much impossible to fully delete data thats stored on a HDD so even if they deleted the password from being saved, chances are the data is still hidden on the HDD itself and all you would need is the correct adapter and file retrieving software to get it.

[Centurion]

You know how this works?

Idiots thats how.

The idiots leave their live login on the console with the passwrd remebered.

The problem is with Microsoft not properly wiping the drive. Why blame the users for using a feature that was provided to them?

Actually its pretty much impossible to fully delete data thats stored on a HDD so even if they deleted the password from being saved, chances are the data is still hidden on the HDD itself and all you would need is the correct adapter and file retrieving software to get it.

It's not impossible. It just requires that the bits on the drive are overwritten enough times.

[Chille]

The problem is with Microsoft not properly wiping the drive. Why blame the users for using a feature that was provided to them?



It's not impossible. It just requires that the bits on the drive are overwritten enough times.

Yeah but chances are the standard formating doesnt do it, or even deleting the data, so it is plausible i very doubt people are doing it

[keefy]

The problem is with Microsoft not properly wiping the drive. Why blame the users for using a feature that was provided to them?



It's not impossible. It just requires that the bits on the drive are overwritten enough times.

Idiots do not wipe drives at all ever.

[Centurion]

Yeah but chances are the standard formating doesnt do it, or even deleting the data, so it is plausible i very doubt people are doing it

Yeah, the problem is it takes a LONG time to properly wipe the entire drive (days).

[Centurion]

Idiots do not wipe drives at all ever.

If you read the paper, you would see that they use the wipe feature. We can't expect the user to pull the hard drive out of their xbox and connect it to their computer for proper wiping.