All your gadgets can be hacked: 15-year-old builds Xbox Kinect malware

10 million Xboxes, open-source drivers and an SDK add up to another security risk in your living room

It is absolutely true that every piece of electronic gear or software ever made is vulnerable to viruses, trojan horses and malware of all kinds as well as direct attacks using techniques to exploit flaws in that system.

But there's not enough interest among those who write malware or hack other people's systems to make every piece of software or hardware a target.

If no one is interested in your thing, no one is going to try to ruin it. Of course, no one will want to buy it either, but that's a different problem.

So you have to figure that – except for systems with broad commercial appeal, and therefore tremendous potential for profitable criminal abuse – anyone writing malware for a specific system is going to be someone interested in that system and/or the people that use it, right?

Yes. Which is why it is more surprising to hear that someone bothered to create malware designed to attack Microsoft's Xbox Kinect motion-sensing game controller than it is to hear that the researcher who did it is 15 years old.

Security researcher Shantanu Gawde, who works for a company called MalCon Research built an app called "gawde" that runs on a Windows 7 computer and collects sensory data from the Kinect. Keyed partially by voice recognition and a list of key words, the app takes pictures of the victim and the Kinect's surroundings and uploads them to a Picasa account.

More than 10 million Xboxes have been sold worldwide, all supporting a range of open-source drivers, interconnections to the Internet and Windows machines and almost anything else a developer could code using the Xbox software developer's kit distributed by Microsoft.

Kinect is an add-on product – a bar-shaped sensor platform with cameras, motion sensors and audio pickups designed to let users control games with the motion of their bodies rather than a handheld controller – mimicking the motions of the sport or dance contest rather than remembering the long series of button pushes to execute a moon walk, for example

There are hundreds of modifications and game hacks circulated by Xbox fans online, most of which are designed to let players customize or turbocharge their own systems.

Because of the SDK and connections to other networks, however, there is a lot of potential for the Xbox to be used or misused as a malware platform in itself, or a gateway to other systems, according to both Gawde's bosses and security experts quoted by TheHackerNews.

The Kinect hack was part of a contest for the upcoming International Malware Contest in Mumbai, India, where it will be demonstrated.

If you don't go, or don't get the patch, just be sure to turn your Kinect to the wall when you're not using it. No need to make it even more likely someone will be able to spy on you while you're gaming or watching HBO in your jammies.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies