Two hackers showed how they can hack Nintendo‘s handheld and console game devices to spread malware to whatever networks they are connected to.
At the Defcon security conference in Las Vegas, Ki-Chan Ahn (below) and Dong-Joo Ha (right) showed off a number of demos of how they could crack the Nintendo DS and Nintendo Wii and use them to upload malware. They said users don’t expect malware to be loaded on game console devices, so they could be taken advantage of more easily. (See our roundup of all Black Hat and Defcon stories.)
The researchers said they could spread malware in a number of ways. They could, for instance, inject a virus into a pirate version of a Nintendo game and upload it to torrent networks, where users download pirated games. They showed how they could play a game in a compromised Wii system.
They also found that many companies install Nintendo Wii devices in their work places, even though they don’t let you walk into the company with smartphones or laptops. (Factories and other sensitive work locations don’t allow any devices with cameras). By poisoning the Wii, they could spread a virus over the corporate network. People have a false sense of security about the safety of these game devices, but they can log into computer networks like most other computer devices now.
In the demos, the researchers showed they could take compromised code and inject it into the main game file that runs on either a DS or a game console. They could take over the network and pretty much spread malware across it and thereby compromise an entire corporation. The researchers said they can do this with just about any embedded device, from iPhones to internet TVs. All that is needed is an embedded computer, networking, and input-output systems. A few of the demos failed because wireless networks weren’t functional.
Ahn is a student at Hanyang University in South Korea, majoring in electronics. Ha is a researcher at AhnLab, a security firm. Check out the video excerpts below:
Don't let cyber attacks kill your game! Join GamesBeat's Dean Takahashi for a free webinar on April 18 that will explore the DDoS risks facing the game industry. Sign up here.