What's new

Meltdown and Spectre CPU exploits and PS4/Xbox one encryption

  • Thread starter bluefrog
  • Start date
  • Views 5,486
B

bluefrog

Enthusiast
Messages
364
Reaction score
153
Points
115
Sin$
7
My understanding on these like almost everyone else's is still limited. But I believe this means the end for PS4 and Xbox one security?
 
CaptainSkeet

CaptainSkeet

Enthusiast
Messages
97
Reaction score
25
Points
95
Sin$
0
I believe this is the wrong forum for this topic however back on to the discussion I don't believe this will go very far with the Xbox one. They already rolled out an update to windows 10 unless you have a certain anti-virus that makes system calls that conflict with the update/patch. The one console runs a modified version of windows 10 right now so it wouldn't surprise me if it has already sent out an update to patch this exploit. Another thing is this was just released so to actually use this someone would need to find a way to implement it on the console which would be a challenge itself for the fact everything requires to be signed and verified by Microsoft with private keys. Not like a regular pc that you can throw some code together then compile in a .Exe with the exploit. Only time will tell. But I wouldn't hold your breath on this round.
 
Last edited:
S

Sketch

Enthusiast
Messages
531
Reaction score
278
Points
170
Sin$
7
No, it does not actually impact these consoles. Well, not the Xbox One. At least from what I've been told.

Edit: should've probably expanded more. I can only speak for the One which if was impacted then it would still require quite a bit to even get anywhere. Security would still be tight.
 
POPINSMOKE

POPINSMOKE

Ryzen Master ®
Messages
267
Reaction score
61
Points
105
Sin$
7
Hay the 360 was bumped by slowing down the cpu years after the E-fuze patch, (after a fashion and not exact but you get my point) who knows what comes of this or even the DIMM “Rowhammer”.
 
B

bluefrog

Enthusiast
Messages
364
Reaction score
153
Points
115
Sin$
7
On further reading the Meltdown can't work on the PS4 or Xbox one but Spectre can. I think the PS4 is in for a problem.. because there are plenty of PS4s out there that can have code ran on them and that wont be updated. Once the exploits are released and understood there's going to be a way in on the PS4. But your right I can't see the Xbox being broken now that I thought about it a bit more :smile:
 
POPINSMOKE

POPINSMOKE

Ryzen Master ®
Messages
267
Reaction score
61
Points
105
Sin$
7
My understanding on these like almost everyone else's is still limited. But I believe this means the end for PS4 and Xbox one security?

If you dig past the media hype and Microsofts play down of it there some good reads out there on this “Project Zero’s” information on the “Spectre” side of things, leads me to believe that
“Meltdown” collects the data ??
 
1

133T7S

Enthusiast
Messages
70
Reaction score
4
Points
55
Sin$
0
Thanks for the hands up, I need to dig some more and do my own research.
 
P

pyro2028

Newbie
Messages
1
Reaction score
0
Points
35
Sin$
7
randomascii.wordpress.com/2018/01/07/finding-a-cpu-design-bug-in-the-xbox-360/
 
HexDecimal

HexDecimal

Getting There
Messages
438
Reaction score
112
Points
200
Sin$
0
To even run the exploit on Xbox One would take quite a bit of work. The console then has additional hardware measures that I am sure will stop or greatly decrease the severity of the exploit.
 
decima7e

decima7e

Contributor
Messages
1,844
Reaction score
949
Points
315
Sin$
0
Microsoft is claiming that due to the security architecture of the Xbox One, it is not affected by Spectre. But if it was, would they really admit it? Personally, I don't see a reason why spectre couldn't be used to at least obtain a decrypted ram dump and hypervisor and perhaps even the cpu keys.
 
HexDecimal

HexDecimal

Getting There
Messages
438
Reaction score
112
Points
200
Sin$
0
Microsoft is claiming that due to the security architecture of the Xbox One, it is not affected by Spectre. But if it was, would they really admit it? Personally, I don't see a reason why spectre couldn't be used to at least obtain a decrypted ram dump and hypervisor and perhaps even the cpu keys.

The console's security processor (PSP) migrates the threat. There also are not "cpu keys" per say.
 
POPINSMOKE

POPINSMOKE

Ryzen Master ®
Messages
267
Reaction score
61
Points
105
Sin$
7
GlAD my RYZEN bulids,kept me off the xbone for weeks, until something can come of this thats how it will stay. A shader fk the 360 mabe this its the golden ticket
 
HexDecimal

HexDecimal

Getting There
Messages
438
Reaction score
112
Points
200
Sin$
0
Right, except the PSP is the exact thing that's being exploited by spectre afaik

Lol. How do you plan to run any code on the PSP let alone the spectre exploit? PSP code exec would require full console control if even then, making the spectre exploit pointless.
 
decima7e

decima7e

Contributor
Messages
1,844
Reaction score
949
Points
315
Sin$
0
It really isn't. Maybe with desktop CPU's but the firmware is different for Xbox One :smile:
I was getting my exploits mixed up. I was talking about this exploit, also released by a Google engineer on the same day as Spectre:
https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/
https://www.scmagazineuk.com/securi...s-platform-security-processor/article/735414/
https://www.bleepingcomputer.com/ne...cure-chip-on-chip-processor-disclosed-online/
http://seclists.org/fulldisclosure/2018/Jan/12
 
Top Bottom
Login
Register