Attacking Game Consoles On Corporate Networks

A pair of security researchers speaking at DefCon demonstrated how video game consoles, which are becoming increasingly common break room or team-building toys, can open vulnerabilities in corporate networks. "[They] found that many companies install Nintendo Wii devices in their work places, even though they don’t let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don’t allow any devices with cameras). By poisoning the Wii, they could spread a virus over the corporate network. People have a false sense of security about the safety of these game devices, but they can log into computer networks like most other computer devices now. In the demos, the researchers showed they could take compromised code and inject it into the main game file that runs on either a DS or a game console. They could take over the network and pretty much spread malware across it and thereby compromise an entire corporation. The researchers said they can do this with just about any embedded device, from iPhones to internet TVs."

This isn't going to be a major threat.

[Securityemo]

There are probably much easier ways to perform targeted attacks against most organizations. But imagine someone bribing disgruntled wallmart/other low-wage chain employees into replacing cartridges and discs with what they are told are "just pirate copies that'l most likely play perfectly, no harm done really, you'l get a cut off the sales of the originals up front."

Re:Don't plug it to internet

[CrashandDie]

20, maybe. 10? Definitely.

I remember pulling coax in the early first half of the 90s all over the place. Then ethernet came and made us damn ourselves. Everyone wanted to be connected. Centralised printer, easy file transfer.

Woot.. ruining the diversion for all!!.

[Tei]

The researchers will claim that are doing something productive, and have a point to that. But for the other 99.9999% of the population this type of stuff is just party-breaking.

Is like wen a researcher get out of the blue and strong-force a open source game dev to fix "important bugs". Now, the problem with what is important for a researcher, and what is important for a game dev is different. A single researcher (can I say hacker?) can efectivelly "DoS" a single game developer sending hole bugs, and forcing that game dev to ignore everything else and focus on that bug.

Yes, I said force. Something very nice about these researchers is that force everyone to share his idea of what is important. If you disagree, will make the hole public, so you are forced to fix that potential hole.

Yes, researchers do a important work, but that don't make then LESS A BUCH OF ASSHOLES.

Re:Don't plug it to internet

[TheCarp]

Thats no fun! Seriously, its a corperate world we are talking about right? Why not a corporate solution. We deal with devices that need some manner of protection all the time.

You put this into an existing subnet of devices that require internet access but not internal LAN access. If you don't have such a pool of devices, you make such a subnet. Hell you define a game console VLAN, put all the game consoles in it (even a large company shouldn't have more than a handful), give them a small subnet (a /27 or something), and then setup their gateway router to only allow them to connect out the internet pipe and not to the internal network.

The real problem, I think, is that such devices are easily overlooked. Some manager putting a wii in the break room might not realize whats the exposures are, and just gets a network drop like any old desktop, and plugs it in.

-Steve

Unfortunately, NetAdmin != Sysadmin

[RulerOf]

This story is only a story if your Network Admin knows nothing about network admin.

Plenty of places make their sysadmins set up the network hardware, but the problem is that we're sysadmins, not network admins. It's annoying as all hell, but the fact is that plenty of businesses will forego hiring a networking expert simply because they don't think they need to.

Given a network and adequate hardware, even I can point out what an appropriate topology would be for the setup, but I just don't know how to do it. I understand the concept of VLANs, routing, DHCP relay, etc., but I just don't know how to configure the hardware. I really wish I did, too, but on the same token I'd rather spend my time and effort working on hardware and OS level stuff and just be able to tell the network guru[s] how I'd like the connectivity to play out.

...To give you an idea of my networking ignorance: In spite of the fact that I know VLAN tagging is a modification to ethernet frames themselves (i.e., I know they're a subset of 802.3), I spent god knows how long trying to forward VLAN traffic over a wireless (or 802.11) connection. It wasn't until I called the VoIP provider that I realized what foolishness I had been pursuing for the better part of an hour :-P (In retrospect, if I had gotten EoIP to work in the first place like I had planned, it should have worked)