Unlock Achievement Of Stolen Credit Card Info On Used Xbox 360s
By Tom Wyrick. April 2, 2012, 11:00 AM CDT
Researcher Ashley Podhradsky from Dakota State University, along with colleagues Rob D’Ovidio and Cindy Casey at Drexel University, claim Microsoft isn’t doing enough to protect personal user information. In a recent experiment, they purchased a refurbished Xbox 360 from an authorized reseller and used a readily available modding tool to access folders and files on the system. From there, they could recover the original owner’s credit card information.
Podhradsky recommends Xbox 360 owners remove the hard drive from the console and temporarily attach it to a computer, so a secure disk wipe program can be run on it before resale. (Steps for the drive removal procedure can be found at MakeUseOf, and one of many possible options for a free disk wipe utility would be CMRR’s Secure Erase Utility.) Using the 360′s built-in disk-erase option isn’t enough to ensure your personal data can’t be recovered.
To be fair, this has long been the case with the information on a standard PC’s hard drive, so this shouldn’t really be a surprising discovery. I think it does, however, bring up the valid point that Microsoft fails to provide built-in tools for a secure wipe and fails to encrypt any stored user and credit card information saved on the Xbox. Consoles are used like appliances, with an assumption that all the functionality needed is provided internally. The steps currently required to ensure safe resale of a used Xbox are unreasonably complicated for consumers.
About Tom Wyrick
Tom Wyrick is network manager for a steel fabrication company by day, and owner of Wyrick Consulting, an on-site PC and Mac service business. He's recently been told he "has more computer power than some 3rd. world countries" at home.