0

2014 was not a good year for Microsoft, with the Xbox Live network being disrupted at both ends of December by Lizard Squad DDoS attacks and then as the year was finally coming to an end a different hacking collective dropped another bomb onto Xbox. A posting on Twitter simply stated "Hey, @Xbox! We thought we'd drop on by and End 2014 with a bang ;)" along with a link to a file on Kim Dotcom's Mega cloud storage service. That file, freely available for download by anyone, was the official Xbox One Software Development Kit.

dweb-xboxone.jpg

Interestingly, the leaking of the SDK would appear to have been spurred in part by Microsoft itself. A news story about a job opportunity for an engineer to work within the Xbox One Core Operating Systems Group was retweeted by the areWeH4LT account immediately before the one giving the link to the SDK. This quoted Microsoft wanting XBox security to be 'a nightmare for hackers' and it seems the leakage was a direct response to that claim. The actual job description stated: "Our mission is to realize the vision of making Xbox One the most secure and trustworthy consumer computing devices in the world. The team owns overall security implementation for Xbox platform including core hardware/firmware security and software. While delivering ground breaking features central to Microsoft strategy, you will interface with a broad array of teams looking to leverage your work to enhance the Xbox experience. We are looking for talented individuals that have a proven track record in software development, engineering and shipping robust and secure software." This could almost be seen as a direct challenge to hacking groups looking for column inches and kudos in equal measure.

Anyway, the end result is that the Xbox One SDK is now out there for anyone to download and use. The homebrew gaming side of things, some might argue, is no bad thing as it opens up a closed system to unapproved developers who can just have a go at coding for the console. It also opens up the very real possibility that specific game cracks may now appear as a direct result, which is not such a good thing I think most games developers will agree. I haven't even touched upon the potential for apps and games acting as carriers for malware yet.

H4LT has previously posted screenshots of the Durango XDK (Xbox Development Kit) files, including firmware documentation and dev tools in order, it says, to help build the Xbox One gaming developer community. It has gone on record to suggest that sharing such resources equates to boosting creativity and research.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

3
Contributors
2
Replies
18
Views
2 Years
Discussion Span
Last Post by RobertHDD
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.