
"Security" in the context of a game console manufacturer means its users are unable to execute unlicensed code on it. So if Spectre or Meltdown are a concern, the system has already been compromised. It's not another layer on the onion, the onion is already gone. Security on a console is like a safe that contains the key to your Bitcoin wallet and the combination to the safe.

Usually there's an SOC that manages IO, and the ROM contains a key/publisher cert. To run code on the main CPU, the SOC has to bless it. No code other than what's on the SOC's EEPROM can run on the EEPROM. And flashing the EEPROM requires the manufacturer's key; you load a potential image into the SOC's RAM, it verifies the image, it flashes the image.

Getting unlicensed code to run on modern consoles is generally more difficult than jailbreaking an iPhone. And even if you get your code to run by tapping the bus or whatever, there's no data in main memory that's worth stealing, nothing that could help you get a persistent break or anything. The valuable data lives in the SOC.

Preventing Spectre/Meltdown is less important than the extra 2-4% performance.
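The load, verify, flash sequence described in the comment above, sketched as an added example that is not part of the original thread or any console vendor's code. The `Soc` class, the toy RSA key built from two Mersenne primes, and the unpadded signature are assumptions made for illustration only.

```python
import hashlib

# Constructed toy key (insecure): two Mersenne primes stand in for a real RSA key.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                   # public half, the part stored in ROM
D = pow(E, -1, (P - 1) * (Q - 1))     # private half, held only by the manufacturer


def digest_int(image: bytes) -> int:
    """SHA-256 of the image as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def manufacturer_sign(image: bytes) -> int:
    """Off-device signing step. Unpadded textbook RSA, for illustration only."""
    return pow(digest_int(image), D, N)


class Soc:
    """Hypothetical model of the SOC: ROM public key, internal RAM, EEPROM."""

    def __init__(self, rom_n: int, rom_e: int, eeprom: bytes):
        self.rom_n, self.rom_e = rom_n, rom_e
        self.eeprom = eeprom
        self.ram = b""

    def load(self, image) -> None:
        # Take a private copy, so the bytes that get verified are exactly the
        # bytes that get flashed, whatever the sender does to its buffer later.
        self.ram = bytes(image)

    def verify_and_flash(self, signature: int) -> bool:
        in_range = 0 <= signature < self.rom_n
        ok = in_range and pow(signature, self.rom_e, self.rom_n) == digest_int(self.ram)
        if ok:
            self.eeprom = self.ram    # only a verified RAM copy reaches the EEPROM
        self.ram = b""                # the candidate is discarded either way
        return ok
```

A rejected image leaves the EEPROM contents untouched, and changing the caller's buffer after `load()` has no effect on what is verified or written.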



Today's consoles have web browsers. So if it runs JavaScript, Spectre and Meltdown are a concern.


> Getting unlicensed code to run on modern consoles is generally more difficult than jailbreaking an iPhone.

I think they're of similar difficulty.


Security exploits on game consoles are also a means to win money on MMOs with virtual currency, so game companies nowadays do care about Spectre, Meltdown and friends.



