One of the fun things about working at Secure Ideas is the conversations that we have about different technologies and platforms. One of my favorites is the ongoing discussion that Kevin and I have had about the Xbox Live platform and now the Xbox One. A bit before the Xbox One was released, we decided to seriously look at the new gaming platform. So two weeks ago my shiny new Xbox One (X1) arrived, and while the kids were at school, I set it up and started gathering information on it. (The kids didn’t know I was getting this until I pulled it out for Christmas.)
Before launching into the setup of the X1, here is some of what we are interested in on this gaming platform:
- Facial recognition – What privacy concerns are involved with this feature and are there any problems with how it is implemented?
- Social media – Xbox Live Gold is a social network for gamers. What privacy concerns are here?
- Microphone and camera in your living room – The X1 microphone is always on and listening. I’m not sure what the state of the camera is while the X1 is off. How could this be abused? Can some creep turn on recording of what’s going on and access it somehow?
- Implementation flaws – Are there any security problems with the way the X1 has its features implemented? Is data in the clear that shouldn’t be?
- -i = Interface to capture on
- -nn = Don’t convert addresses, protocol and port numbers etc. to names
- -vv = Even more verbose output.
- -X = When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
- -S = Print absolute, rather than relative, TCP sequence numbers
- -s = Snarf snaplen bytes of data from each packet rather than the default of 65535 bytes. I set this to 0 to capture all data available in each packet.
- -w = Write the captured data out to a file rather than displaying to standard out.
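The -s and -w options interact: every record in the saved file stores both the number of bytes kept and the number of bytes that were on the wire, so a capture can be checked afterwards for packets the snaplen cut short. The following is an added example, not code from the original post; it assumes the classic pcap file format (not pcapng), and the function names and sample captures are constructed for illustration.

```python
import struct

def pcap_truncation_report(data: bytes) -> dict:
    """Parse a classic libpcap file and report its snaplen and any truncated packets."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"   # little-endian writer (microsecond / nanosecond timestamps)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"   # big-endian writer
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # Global header: magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    offset, total, truncated = 24, 0, []
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, incl_len (bytes saved), orig_len (bytes on wire)
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            raise ValueError("capture file ends mid-packet")
        if incl_len < orig_len:
            # Payload past incl_len was never written to disk and cannot be recovered
            truncated.append((total, incl_len, orig_len))
        total += 1
        offset += 16 + incl_len
    return {"snaplen": snaplen, "linktype": linktype,
            "packets": total, "truncated": truncated}

def make_pcap(snaplen, packets):
    """Build a constructed little-endian pcap in memory; packets = [(orig_len, saved_bytes)]."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, (orig_len, saved) in enumerate(packets):
        out += struct.pack("<IIII", 1387000000 + i, 0, len(saved), orig_len) + saved
    return out

# Constructed sample data, not taken from a real capture
FULL = make_pcap(262144, [(60, b"\x00" * 60), (1514, b"\x00" * 1514)])
CLIPPED = make_pcap(96, [(60, b"\x00" * 60), (1514, b"\x00" * 96)])

if __name__ == "__main__":
    for name, blob in (("full", FULL), ("clipped", CLIPPED)):
        print(name, pcap_truncation_report(blob))
```

An empty `truncated` list means every packet in the file carries its full payload, which is what the hex and ASCII review enabled by -X depends on.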
Jason Wood is a Senior Security Consultant at Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at firstname.lastname@example.org or visit the Secure Ideas – Professionally Evil site for services provided.