Don't sell your old Xbox 360! Hackers can still steal info even after reset

Even though the consoles had been restored to factory settings, security researchers at Drexel University and Dakota State University were able to easily find credit card and other personal info.

Ashley Podhradsky, Rob D'Ovidio, and Cindy Casey of Drexel University, along with Pat Engebretson at Dakota State University, purchased a refurbished Xbox 360 from a Microsoft-authorized retailer and used a very basic modding tool to gain access to the previous owner's credit card info, even though the hard drive had been wiped and the console restored to factory settings.



Says Podhradsky: "Microsoft does a great job of protecting their proprietary information. But they don't do a great job of protecting the user's data. A lot of them already know how to do all this. Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity."

Microsoft says it is investigating the case: "We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims. Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

If Microsoft is slow to come up with a fix, the college students say using Darik's Boot and Nuke (DBAN) will protect you.

Written by: Andre Yoskowitz @ 2 Apr 2012 14:40
  • 12 comments
  • xaznboitx

    maybe some of the data is stored onto the jasper motherboard not all data is stored onto hard drive itself.

    2.4.2012 16:32 #1

  • Hopium

    lol if a hacker is buying old xbox's for CC#'s he is hard up. and i would hope using stolen CC's to buy these used xbox's.

    2.4.2012 18:12 #2

  • Hyasuma

    simple, don't sell ur harddrive

    Being nice always has its own consequences

    2.4.2012 18:15 #3

  • bobiroc

    I am interested in how this can be since no Credit Card or account data is saved on the XBOX when it comes to payment info anyway. I read that Microsoft is investigating the issue. This is always a risk when you sell or get rid of your old technology. If they are getting it from the hard drive I guess the whole rule of keeping the hard drive or using a secure wipe method applies to consoles then too. Unfortunately doing it to the console would make the hard drive useless unless it somehow can be reflashed to work with the console again.

    AMD Phenom II 965 @ 3.67Ghz, 8GB DDR3, ATI Radeon 5770HD, 300GB 10,000RPM Raptor, 2TB Additional HDD, Windows 7 Ultimate.

    http://www.facebook.com/BlueLightningTechnicalServices

    2.4.2012 18:52 #4

  • A5J4DX

    good thing i dont own one

    2.4.2012 20:00 #5

  • Mysttic

    There are ways to format the drive to the point data can't be recovered...

    2.4.2012 20:19 #6

  • MckinneR

    How would you use DBAN on an XBOX 360?

    3.4.2012 04:53 #7

  • xboxdvl2

    maybe the microsoft team should hire the researchers to wipe out data and help improve the security on refurbished xbox 360s.

    R.I.P. mr 1990 ford falcon.got myself a 1993 toyota corolla seems to run good.computers still going good.

    3.4.2012 05:16 #8

  • Bozobub

    Originally posted by Mysttic: There are ways to format the drive to the point data can't be recovered...

    Only partially true. In fact, the original data CAN, much of the time, be recovered, even after a multipass "wipe". This, however, is expensive (once you get past 10 wipe passes or so), so really is not an issue for fraud prevention.

    Edit --> To put this in perspective, important data has been successfully recovered from HD platters that had been shattered with a hammer. Data forensics techniques can be startlingly successful.

    3.4.2012 10:46 #9

  • CharlesH1 (unverified)

    Originally posted by MckinneR: How would you use DBAN on an XBOX 360?

    I'm guessing it's similar to how you create a hard drive for the Xbox. The Microsoft HD is just a laptop drive in a case. With a boot disc you can put it in a laptop and make modifications.

    3.4.2012 11:24 #10

  • jking501 (unverified)

    I always just go to a actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.

    6.2.2013 01:37 #11

  • xaznboitx

    Originally posted by jking501: I always just go to a actual store to get my xbox gold membership for the year, that way I never have to enter my financial info.

    you really need to bump this topic from 2012?

    6.2.2013 01:43 #12
