Dreamcast turned into Linux hacker tool
#1
DVD Talk Gold Edition
Thread Starter
Join Date: Mar 2000
Posts: 2,827
Likes: 0
Received 0 Likes
on
0 Posts
Dreamcast turned into Linux hacker tool
I didn't see this when I did a search of this forum ...
Please let's not turn this into a thread of the x-box could be a better hacking tool than the Dreamcast, or GC or PS2...
http://news.zdnet.co.uk/story/0,,t278-s2120283,00.html
Old game machine turned into Linux hacker tool
08:37 Monday 5th August 2002
Robert Lemos, CNET News.com
Security researchers at the Defcon hacker conference turn Dreamcast consoles and other innocuous gadgets into stealthy network monitoring devices
Sega's defunct Dreamcast gaming console, which has long since stopped rolling off the manufacturing lines, has gained a surprising new lease on life.
Two security researchers on Friday showed attendees at the Defcon hacking conference here how to reuse the small off-white boxes as stealthy network monitoring devices.
"When you only have a few minutes, you need to be able to drop something off that will let you access the network later," Aaron Higbee, a consultant with Foundstone and one of the two programmers who worked on the project, said of the Dreamcast consoles.
Higbee and his programming partner, consultant Chris Davis of RedSiren Technologies, created the software to turn a Dreamcast into a network bug. Their software, when burned onto a CD-R and placed in a Dreamcast that has a broadband network adapter, allows the game console to give a hacker access to the network to which it is connected.
Rather than teaching hackers in the audience how to monitor others' networks, Higbee and Davis said the demonstration was intended to alert network administrators to the danger that many innocent-looking devices could pose to network security.
"We are really attacking the concept of what computers are," he said, adding that many other devices could be used to monitor networks, including TiVo television recording devices, some new "intelligent" vending machines and even printers.
Walking into a company and dropping a device onto the network is a simple way to defeat much of the network security that businesses might erect to keep out attackers, Higbee said.
"Physical access is pretty easy to obtain," he said. "Especially for short moments of time."
Moreover, companies tend to build a wall around their networks, with heavy security at the perimeter -- between the Internet and the firm's network -- but have little security on the inside. So getting a device on the internal network can give a hacker far more access, they warned.
"The data that is valuable and worth protecting is on the inside," Higbee said. "We want to get on the inside."
The software that Higbee and Davis have created -- they stress that they haven't modified the hardware because they don't want to run afoul of the Digital Millennium Copyright Act -- is a Linux-based system. The software will first scan the network the Dreamcast console is on and then attempt to create an encrypted network back to the hacker's network.
Dubbed "180-degree" hacking by the duo, the ability to have a device on the inside makes a hacker's job much easier.
"Most people believe that inside traffic is trusted," he said, adding that most of the time a system administrator believes that any traffic coming from the inside is legitimate.
"I truly believe that in this attack... firewalls are pointless," Davis said. "They need to be a lot more aware of what's on their network. They almost have to treat their internal network as the Internet -- as an untrusted network."
Please let's not turn this into a thread of the x-box could be a better hacking tool than the Dreamcast, or GC or PS2...
http://news.zdnet.co.uk/story/0,,t278-s2120283,00.html
Old game machine turned into Linux hacker tool
08:37 Monday 5th August 2002
Robert Lemos, CNET News.com
Security researchers at the Defcon hacker conference turn Dreamcast consoles and other innocuous gadgets into stealthy network monitoring devices
Sega's defunct Dreamcast gaming console, which has long since stopped rolling off the manufacturing lines, has gained a surprising new lease on life.
Two security researchers on Friday showed attendees at the Defcon hacking conference here how to reuse the small off-white boxes as stealthy network monitoring devices.
"When you only have a few minutes, you need to be able to drop something off that will let you access the network later," Aaron Higbee, a consultant with Foundstone and one of the two programmers who worked on the project, said of the Dreamcast consoles.
Higbee and his programming partner, consultant Chris Davis of RedSiren Technologies, created the software to turn a Dreamcast into a network bug. Their software, when burned onto a CD-R and placed in a Dreamcast that has a broadband network adapter, allows the game console to give a hacker access to the network to which it is connected.
Rather than teaching hackers in the audience how to monitor others' networks, Higbee and Davis said the demonstration was intended to alert network administrators to the danger that many innocent-looking devices could pose to network security.
"We are really attacking the concept of what computers are," he said, adding that many other devices could be used to monitor networks, including TiVo television recording devices, some new "intelligent" vending machines and even printers.
Walking into a company and dropping a device onto the network is a simple way to defeat much of the network security that businesses might erect to keep out attackers, Higbee said.
"Physical access is pretty easy to obtain," he said. "Especially for short moments of time."
Moreover, companies tend to build a wall around their networks, with heavy security at the perimeter -- between the Internet and the firm's network -- but have little security on the inside. So getting a device on the internal network can give a hacker far more access, they warned.
"The data that is valuable and worth protecting is on the inside," Higbee said. "We want to get on the inside."
The software that Higbee and Davis have created -- they stress that they haven't modified the hardware because they don't want to run afoul of the Digital Millennium Copyright Act -- is a Linux-based system. The software will first scan the network the Dreamcast console is on and then attempt to create an encrypted network back to the hacker's network.
Dubbed "180-degree" hacking by the duo, the ability to have a device on the inside makes a hacker's job much easier.
"Most people believe that inside traffic is trusted," he said, adding that most of the time a system administrator believes that any traffic coming from the inside is legitimate.
"I truly believe that in this attack... firewalls are pointless," Davis said. "They need to be a lot more aware of what's on their network. They almost have to treat their internal network as the Internet -- as an untrusted network."
#2
DVD Talk Limited Edition
Join Date: Feb 2001
Location: Austin, Texas
Posts: 6,515
Likes: 0
Received 0 Likes
on
0 Posts
The only thing I dislike about the article is that they make it look like you could walk into the nearest GameStop and pick up a Dreamcast for next to nothing and immediately start hacking with it.
Not like the ethernet adapters are in limited supply and are fairly expensive.
Not like the ethernet adapters are in limited supply and are fairly expensive.
#4
DVD Talk Hall of Fame
I wonder If the price of the Dreamcast will go up on ebay now....hmmmm.
I think they avoided mentioning the XBox since they thought people might as well lug up a full desktop pc
about the ethernet adapter I don't think that that was the point. If you can access any internal network with nothing more than a 50$ (yeah yeah plus the money for the adapter) "toy" then that is pretty amazing.
I think they avoided mentioning the XBox since they thought people might as well lug up a full desktop pc
about the ethernet adapter I don't think that that was the point. If you can access any internal network with nothing more than a 50$ (yeah yeah plus the money for the adapter) "toy" then that is pretty amazing.
#6
DVD Talk Gold Edition
Thread Starter
Join Date: Mar 2000
Posts: 2,827
Likes: 0
Received 0 Likes
on
0 Posts
I think the point was also that an innocuous looking piece of hardware (in this case a DreamCast, but it could be anything with network capability), could be used to hack into a network, given momentary physical access. Think about the ramifications of letting the Xerox guy come in and hook up a network capable copier, or the Coke vendor in to connect one of the new network capable coke machines, and how "innocent" those items would look in an office, while collecting & retransmitting information off of your network...
#7
DVD Talk Limited Edition
Join Date: Jan 2000
Location: MN
Posts: 5,949
Likes: 0
Received 0 Likes
on
0 Posts
although it is a bigger pain in the butt you can use the modem as a network adapter kind of for use with most of the games, but I am assuming you can't hook it up to a network this way.