For as long as I\u2019ve been working in the security industry, which \u2013 in the spirit of full disclosure \u2013 hasn\u2019t been a very long time, I have been shocked by the utter lack of attacks targeting gaming systems.<\/p>\n
A couple times a year, maybe, you\u2019ll read about an attack targeting or a vulnerability in some specific game<\/a> or gaming platform. More often than not the attacks are one-offs, generally exploiting a game\u2019s online platform, forum<\/a>, or database<\/a> of some kind. The forever-popular first person PC shooter, CounterStrike, is a great example of this: there always seem to be CounterStrike hacks out there.<\/p>\n To be clear, PC and other computer gamers, particularly those playing massively multiplayer online role-playing and other popular games (like Minecraft), are already exposed to significant threats targeting their machines<\/a>. Attacks targeting the XBOX or PlayStation or Nintendo consoles, however, seem to be incredibly rare. Nintendo\u2019s and Sony\u2019s portable DS and PSP offerings were targeted by trojans some six years ago<\/a>, and experts have prophesied the dawn of gaming malware for just as many years. The reality though, by nearly any measure, is that yearly gaming malware predictions have yet to materialize.<\/p>\n The PlayStation Network attack and subsequent outage in 2011<\/a> was among the largest known data breaches to date, affecting somewhere between 75 and 100 million customers. The network outage lasted nearly a month, and Sony (the company that makes the PlayStation) was harshly criticized for it, not only because of the way they handled the outage but also because of the series of security missteps that led to and in some cases worsened the severity of the breach. Notorious though the incident was, the attack targeted corporate servers rather than the console itself.<\/p>\n Of course, the PSN attack was \u2013 at least in part \u2013 a reaction to the way that Sony itself reacted when George Hotz, perhaps better known by the handle geohot, announced that he had Jailbroken \u2013 or unlocked \u2013 the PlayStation 3. In fact, it is important to draw a line here, when I say attacks, I am referring to malicious, criminal hacks seeking to steal money, information, or computer resources from gaming consoles which are increasingly computer-like. There has certainly been no shortage of hobbyist hacks, sometimes known as modding, seeking to access the full potential of gaming consoles or to make them capable of playing illegally downloaded content.<\/p>\n If you think back to\u00a0 early gaming consoles, this sort of behavior was almost encouraged in a way. When I was maybe five or six, my dad came home with this strange device called Game Genie for my Nintendo Entertainment System. For all intents and purposes, the Game Genie was an automated hacking box. It accessed the binary code that controlled the video games, manipulated that game data, and let game-players enter cheat-codes and perform unintended functions during game-play.<\/p>\n