Software Developer and Application Security Consultant
Game consoles are in the news. These are being hacked at the hardware level. When exploits like Sighax & Fusée Gelée arise at the hardware level, the whole console is compromised. Even if Fusée Gelée - Tegra X1 and Nintendo Vulnerability allow a device owner to hack their own console, which might not sound risky. However, it will allow malicious actors to write codes remotely to execute a similar attack and access the hardware.
Brandon Wilson, Software Developer & Application Security Consultant spoke to hardwear.io about the security of game consoles. He is conducting a village on Dumping the ROM of the Most Secure Sega Genesis Game Ever Created at hardwear.io is during 11th to 14th September 2018.
Brandon: I think we've already seen the impact that console hacking has and will continue to have on businesses and end users. Nearly every major game console has been publicly compromised, and while piracy is a significant issue, businesses are continuing to operate and thrive. I believe the majority of people with the skill and resources to make piracy possible have no interest in contributing to it.
Brandon: Work with the people that come up with new exploits, many of whom want to help stop piracy as well. New exploits are becoming increasingly rare and difficult to pull off, and if each newly-discovered vulnerability were disclosed to these companies and immediately fixed, piracy becomes that much more difficult.
Brandon: It may be. In recent years, it is common for a console hacker to own at least two consoles -- one to remain unmodified and used for online play, and another for experimentation. I believe the majority of people who hack consoles do so either for the challenge, or to take full advantage of the hardware they own. If piracy is not the main goal, there is no need for a modified console to connect to official game servers.
Brandon: A bug bounty program may encourage some to contribute who otherwise would not, but I don't believe it's necessary. I continue to believe the majority of console hackers just enjoy the challenge and want recognition for their hard work. They are not out to get rich, they just love what they do and want to share it with others. Not all of them want to see the issues fixed, such as those who want to maintain full control over hardware they paid for and create their own software for it, but some do. Console businesses should make it easy for hackers and researchers to disclose vulnerabilities, encourage discussion about what the right solution should be, and most importantly, do not threaten or scare anyone into avoiding research. There are a wealth of highly intelligent people in the world that can help them secure their own products, and it is a resource that companies would be foolish to alienate for any reason.