« Email and bots | Main | So what is policy anyway? »

Game targets

Our household received two gaming devices over the holidays that are capable of communicating with the outside world. We activated the communications of the Wii, and are merrily looking at Mii’s from across the planent.

This got me to thinking about alternate attack targets. Many folks are conditioned to think about protecting communication to and from their traditional computers (though most folks don’t do a very good job of this protection). Eventually everything will have an IP address and will be capable of communication and potentially being tricked into running undesirable code.

I did a quick nmap scan of the Wii’s currently assigned IP address and nothing showed up. That’s good. It should be initiating all communication. Then I did a ping, and it got a address not routeable message. Thought that was odd, so I looked at the network scan. Turns out the Wii wasn’t answering ARP requests. Seems like a very sensible solution if it is not expecting unrequested communication.

I’ll have to do some more sniffing downstream. Many ARP implementations seem to pick up ARP information from the cache based on the requestors information. But not all. So presumably the Wii stack also replies to ARP requests if they are seen during active communication. The EULA prohibts reverse engineering the network protocol, but I presume that observing network communication to understand its impact on my network environment is fair game.

So the good news is that the Nintendo folks seem to have thought at least a little bit about communication security. The bad news is that is this won’t likely be enough in the long run. Or maybe even now. There is lots of noise about Wii hacks on the web, but they seem to be the sort of hacks you do to yourself to improve your gaming experience and impress your friends. Once someone figures out the communication channel, you can “hack” others and then the real fun begins. Wii-bots anyone?

There are lots of flops to be had from the game hardware. The PS3 was the major platform contributing flops to Standford’s Folding@home effort.

Posted by Dr. H on January 4, 2008 10:22 AM |

TrackBack

TrackBack URL for this entry:
http://blog.thought-mesh.net/scgi-bin/mt-ping.cgi/entry/game_targets

Listed below are links to weblogs that reference Game targets:

» Wiinit.com from wii reviews
Any ideas if the future of the Wii will include better than the 480p. Not that it bothers me much :) [Read More]

Tracked on June 26, 2008 1:51 PM

Post a comment

Search


About

This page contains a single entry from the blog posted on January 4, 2008 10:22 AM.

The previous post in this blog was Email and bots.

The next post in this blog is So what is policy anyway?.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type 3.34