I don't know much at all about the Xbox One architecture (and what I do is from public information obviously), but it seems safe to assume that this exploit would only land in the "Application" portion of the system. As I understand there are two (three?) hypervisor-level isolated portions of the system... particularly for cases like this in order to prevent a compromised application from being able to enable piracy of the "GameOS" portion.
There are actually 3 different OSes running on the Xbox One. Applications are in their own OS, so any "kernel" exploit would only grant them access to that very limited OS that can't run games. Unless, of course, they somehow manage to escape that container and force the VM to run their own modified version of GameOS.
A modified version of Hyper-V called NanoVisor is used. Apps run in SystemOS, which is already accessible officially even through other ways...
GameOS and HostOS use a stripped-down version of the NT kernel, compiled differently and without binary compat.
Anyone can, that's right ;)
Every Windows Store (UWP) app that isn't a game* is automatically pushed to Xbox devices also, except if the developer opts out.
* for games, it's separately handled for validation
"I do not have an xbox one and cannot verify that the exploit indeed works. With that being said, there’s enough hints pointing to this being real so if you have an XBox running on the affected firmware, feel free to give it a try and comment."
I've no doubt this exploit is legit but it would be nice for reporters to actually verify these issues themselves before posting online.
The above basically reads to me as "I'M TOO LAZY TO CHECK MYSELF".
He could have asked a friend to apply the exploit; it's a matter of responsibility, because you need proof to support your statements. What would happen if the exploit were not real and he called it out incorrectly?
The author stated that a proof of concept was released. This is a verifiably true fact. Nowhere was it claimed it worked, and in fact that's quite clear by the "unconfirmed" in the title and the "[w]e have not confirmed if this exploit works" in the first paragraph.
Wasn't supposed to be aggressive, just wanted to make sure it's clear I completely disagree with you. Sorry if that came off as aggressive, that certainly wasn't the intention.
Yes! Emphatically yes! Particularly in the security community this has become quite a problem. People will report on stuff and make claims without actually doing the research and it contributes to some very bad practices over time as things which are factually untrue become accepted as fact.
Alternatively, he did try it, and just doesn't want to admit it because there is no Xbox One bug hunting program so he could be charged under the existing computer hacking laws.
It is not about this case in particular, but what often "bugs" me is the fact that there are people discovering exploits in these locked-down devices --- which could open them up significantly --- and actually advocate/report to get them fixed, making them even more locked-down. I understand that some of them are in it for the $$$, but even when there isn't, they still do it. The phrases "digging your own grave" and "locking yourself out" come to mind... it all seems rather Orwellian.
There is an exemption for security research when it comes to violating the DMCA by breaking crypto & also, it would be his device so honestly, no one is going to really care. Even when it was technically illegal to break device encryption I was doing it and reporting vulns to vendors with no issues because it was in good faith. Low risk.
You cannot be charged for hacking something you own under any existing hacking law. In that case it would be an authorized access, so there is no crime.
Even if this were the New York Times talking about an exploit, I'd expect their reporters to, well, report, not necessarily directly verify something themselves. And this is quite clear that it's unconfirmed. What he does do is report what the developer is saying, adding sufficient context for non-experts to understand, and giving links so those interested can learn more. Presumably once it's verified, there will be another article saying so.
Given that, it seems like perfectly fine amateur journalism. Why do you expect it to be something else?
+1 Sums up my point beautifully - to be clear I'm not trying to clamp down on free speech and would encourage reporters to "report" breaches like this. The main issue I have is that there's a first to post mentality without adequate fact checking. Speed is beating substance. The incentives in media are unfortunately all lined up the wrong way. Maybe I'm just being nostalgic but I miss the days when any journalist (amateur or not) would pride themselves on the accuracy of their statements. I've basically just stopped believing what I read after the FB fake news revelations.