Lady bird

Game Console Security

Brandon Wilson

Brandon Wilson

Software Developer and Application Security Consultant

Game consoles are in the news. These are being hacked at the hardware level. When exploits like Sighax & Fusée Gelée arise at the hardware level, the whole console is compromised. Even if Fusée Gelée - Tegra X1 and Nintendo Vulnerability allow a device owner to hack their own console, which might not sound risky. However, it will allow malicious actors to write codes remotely to execute a similar attack and access the hardware.

Brandon Wilson, Software Developer & Application Security Consultant spoke to about the security of game consoles. He is conducting a village on Dumping the ROM of the Most Secure Sega Genesis Game Ever Created at is during 11th to 14th September 2018.

(1) What will be the impact of console hacking on the gaming console businesses and end users?

Brandon: I think we've already seen the impact that console hacking has and will continue to have on businesses and end users. Nearly every major game console has been publicly compromised, and while piracy is a significant issue, businesses are continuing to operate and thrive. I believe the majority of people with the skill and resources to make piracy possible have no interest in contributing to it.

(2) Console hacking can lead to both, a homebrew code and/or mass piracy. Businesses are struggling to stop mass piracy, especially companies such as Nintendo. Mass piracy is a big issue for businesses. How can Sony, Microsoft, Nintendo secure their game consoles to prevent piracy?

Brandon: Work with the people that come up with new exploits, many of whom want to help stop piracy as well. New exploits are becoming increasingly rare and difficult to pull off, and if each newly-discovered vulnerability were disclosed to these companies and immediately fixed, piracy becomes that much more difficult.

(3) Recently Nintendo banned the hacked switch console. Is banning the solution to such hacks?

Brandon: It may be. In recent years, it is common for a console hacker to own at least two consoles -- one to remain unmodified and used for online play, and another for experimentation. I believe the majority of people who hack consoles do so either for the challenge, or to take full advantage of the hardware they own. If piracy is not the main goal, there is no need for a modified console to connect to official game servers.

(4) How game console hackers & researchers can collaborate with console businesses to make more secure consoles? Is starting a bug bounty program only solution?

Brandon: A bug bounty program may encourage some to contribute who otherwise would not, but I don't believe it's necessary. I continue to believe the majority of console hackers just enjoy the challenge and want recognition for their hard work. They are not out to get rich, they just love what they do and want to share it with others. Not all of them want to see the issues fixed, such as those who want to maintain full control over hardware they paid for and create their own software for it, but some do. Console businesses should make it easy for hackers and researchers to disclose vulnerabilities, encourage discussion about what the right solution should be, and most importantly, do not threaten or scare anyone into avoiding research. There are a wealth of highly intelligent people in the world that can help them secure their own products, and it is a resource that companies would be foolish to alienate for any reason.

Brandon spoke to through video:

Lady bird

Subscribe with

Your subscription indicates that you have agreed the terms and conditions of Read our privacy policy