top | item 42064979

(no title)

The main hardware security bugs[0] were very low hanging fruit associated with taking over the boot chain at ring 0- it's more likely that Nintendo themselves were in a rush to get the product on the market after the perceived failure of the Wii U. Even with a secure software stack, people found a way to defeat the Xbox 360 hardware[1] by physically drilling into a chip that enforced a software lock, and George Hotz became known for his work in finding ECDSA flaws in the PS3. Companies can design these locks to last for a few years of a console's lifespan, but I think people now are determined enough to dive into these difficult problems that they're unlikely to be secured forever.

[0] https://www.gamesindustry.biz/unpatchable-hardware-exploit-l...

[1] https://gbatemp.net/threads/scanned-drilling-template-16d4s-...

discuss

jsheard|1 year ago

There's a reason why you have to go back to the 360 and PS3 for those examples, Sony and Microsoft stepped up their hardware security dramatically after that generation. Neither the PS4, PS5, Xbox One or Xbox Series systems have ever been compromised via hardware attacks, and those earlier ones are over a decade old now.

The Xboxes have held up extremely well on the software front as well, and although the Playstation software isn't so robust (they use FreeBSD and routinely get owned by upstream CVEs) their secure boot has never been broken, which limits how much you can do with a software jailbreak. PS3 jailbreaks had continuity where you could upgrade an exploitable firmware to a non-exploitable one while retaining a backdoor, but the PS4s secure boot put an end to that.

pjmlp|1 year ago

Also a note that the XBox security CPU, Pluton is a requirement for more recent PC hardware architecture designs.

And for Rust fans, its firmware has been rewriten.

unknown|1 year ago

[deleted]

realusername|1 year ago

That's not the only reason, Microsoft and Sony did improve their security a lot but their console are also much less juicy targets than in the past as well. The Xbox and the Playstation have way less exclusive games than in the past and the difference with the PC is much smaller nowadays

Lammy|1 year ago

> it's more likely that Nintendo themselves were in a rush to get the product on the market after the perceived failure of the Wii U

Perceived failure of the Wii U and the total reboot of the Switch project itself: https://mynintendonews.com/2020/12/22/nintendo-leak-shows-sw...

blharr|1 year ago

I mean, it is a classic example. If you have access to the hardware and the dedication to do so, you could break almost any security. That's a hilarious example to physically drill into a chip, though

audunw|1 year ago

This could be “famous last words”, but as someone who has worked with chip security I’d be very surprised if anyone breaks this generation of hardware at the chip level.

A decade ago the engineers designing these chips knew there were several angles of attack but there just wasn’t enough resources put into closing these holes.

Now every know angle of attack is closed. Even if you delid the chip and reverse engineer every single gate and can probe individual metal wires on the chip, it’ll still be nearly impossible to break the hardware security. Power supply and EM glitching is also protected against (can’t speak for Switch 2 but I’m speaking in general about chips going forward)

Could be bugs and mistakes that allows someone to bypass security, of course. Both in hardware and software. But I don’t think there will be general purpose angles of attack that can be used to bypass security going forward.