Considering consumers pay such a high price in the stores for their gizmos and gadgets, they would be forgiven for thinking that the manufacturers of these high-end pieces of technology are doing all they can to ensure any data that passes through the product and associated services is as secure as it possibly can be. However, if recent research into the subject is anything to go by, then it would appear that this isn’t always the case, with sensitive data such as credit card details being easily accessible on Xbox 360 consoles through the use of widely available tools.
We all have heard the old advice of always removing the hard drive from a desktop computer when the time comes to eventually get rid of it or sell it through second hand channels. This type of advice is extremely common and serves to make sure that whoever may get their hands on that machine after you has no possible way of restoring any data that was once saved on the internal storage.
Rather disturbingly, it seems that if a second hand Xbox 360 console falls into the wrong hands, then the same type of sensitive data and personal information can also be extracted from the hard drive, even if the gadget has been restored to its factory settings before selling it on.
A research team at the Drexel University in Philadelphia have confirmed this by using some common tools to successfully interrogate a second-hand Xbox 360 console and got their hands on a set of personal data files. The team are also claiming that by allowing this to happen, Microsoft are wronging their faithful customers and should be implementing additional precautions to ensure that all data is secure, even after the console has been passed on.
When Microsoft inevitably releases a new and improved Xbox console, it stands to reason that they will want their current user base to go out and purchase the new hardware, leaving a large number of current generation devices being passed on through secondary sales channels. The Drexel research team believes that Microsoft should do more to protect those users, with Ashley Podhradsky saying:
Microsoft does a great job of protecting their proprietary information, but they don’t do a great job of protecting the user’s data.
Offering a small piece of advice, Podhradsky recommends that before a console is sold on or thrown away, the user should remove the internal hard drive and entirely wipe the contents using software designed for this exact purpose, such as DBAN or alternatives. Using such software to delete data is perhaps common knowledge to a lot of hardcore computer users, but for those who enjoy casual gaming and have provided credit card information for Xbox LIVE subscriptions; this report could prove to be an eye opener.
Update: In response to the above mentioned story, Microsoft (via Joystiq) have responded and said that they will run a “thorough investigation into the researchers’ claims”. Furthermore, they have said that refurbished Xbox 360s go through the process of being completely wiped at their end so that no personal information can fall into the wrong hands.
You may also like to check out: