October 28, 2011, 1:57 PM — It is absolutely true that every piece of electronic gear or software ever made is vulnerable to viruses, trojan horses and malware of all kinds as well as direct attacks using techniques to exploit flaws in that system.
But there's not enough interest among those who write malware or hack other people's systems to make every piece of software or hardware a target.
If no one is interested in your thing, no one is going to try to ruin it. Of course, no one will want to buy it either, but that's a different problem.
So you have to figure that – except for systems with broad commercial appeal, and therefore tremendous potential for profitable criminal abuse – anyone writing malware for a specific system is going to be someone interested in that system and/or the people that use it, right?
Yes. Which is why it is more surprising to hear that someone bothered to create malware designed to attack Microsoft's Xbox Kinect motion-sensing game controller than it is to hear that the researcher who did it is 15 years old.
Security researcher Shantanu Gawde, who works for a company called MalCon Research built an app called "gawde" that runs on a Windows 7 computer and collects sensory data from the Kinect. Keyed partially by voice recognition and a list of key words, the app takes pictures of the victim and the Kinect's surroundings and uploads them to a Picasa account.
More than 10 million Xboxes have been sold worldwide, all supporting a range of open-source drivers, interconnections to the Internet and Windows machines and almost anything else a developer could code using the Xbox software developer's kit distributed by Microsoft.
Kinect is an add-on product – a bar-shaped sensor platform with cameras, motion sensors and audio pickups designed to let users control games with the motion of their bodies rather than a handheld controller – mimicking the motions of the sport or dance contest rather than remembering the long series of button pushes to execute a moon walk, for example