CanSecWest: game consoles spread viruses within LANs

For years, game consoles have been increasingly popular, and now that large waves of owners have hacked their own Wii, Xbox 360, and PS3, the number of "home-brew" software installations is growing. Users are not particularly careful when they install home-brew software; instead, they simply want the applications to work.

At the CanSecWest security conference that opened on 9 March, Korean security researchers DongJoo Ha and KiChan Ahn showed how home-brew applications can be exploited to distribute malware. On Nintendo DS and Nintendo Wii, they demonstrated how a pirated game can be infected with malware. Once the game has been installed on the console, the malware tries to attack and infect other systems within the network via Wi-Fi. The consoles infected can, in principle, be remotely controlled via the internet.

What's worse, no one will think that a Windows system was infected by a game console connected to the same local network. The researchers also showed that a growing number of consoles are even being connected to corporate networks to give staff a chance to relax. In other words, the danger is not limited to private users.

The researchers believe that the attacks are not only limited to game consoles, but also extend to iPhones, internet-capable televisions, and any other IP-capable system. Ha and Ahn said people should be careful when installing software that is not from trustworthy sources. One example they mentioned is PS3 Custom Firmwares, which not only allow pirated software to be used, but could also send out PSN-IDs and credit card data.

Symantec is already working with Mocana, a firm specialising in security for embedded devices, to protect appliances with an internet connection, such as game consoles, TVs, and Blu-ray players. Mocana's expertise is to be used in products such as "Norton for Smart Devices".

(Marc Heuse / crve)