In the world of personal computing, hacks that exploit memory errors to allow for the execution of arbitrary (and often malicious) code are far from surprising anymore. What's more surprising is that such "arbitrary code" bugs are also present on the relatively locked-down computers inside of video game consoles.
This was demonstrated quite dramatically last week at Awesome Games Done Quick (AGDQ), an annual marathon fundraiser that this year raised over $1 million for the Prevent Cancer foundation. The event focuses on live speedruns of classic games by human players and included a blindfolded Mike Tyson's Punch-Out!! run that ranks among the most impressive live video game playing performances I have ever seen. The most remarkable moment of the weeklong marathon, though, came when a robotic player took "total control" of an unmodified Super Mario World cartridge, reprogramming it on the fly to run simple versions of Pong and Snake simply by sending a precise set of inputs through the standard controller ports on the system.
The two-and-a-half minute video of this incredible exploit is pretty tough to follow if you're not intimately familiar with the state of emulator-assisted speedruns. At first, it looks like the game must have been hacked in some way to allow for things like multiple on-screen Yoshis, item boxes that spawn multiple 1-ups, and the ability for Mario to carry items while riding on Yoshi. In actuality, these seeming impossibilities are just glitches that have been discovered over the years through painstaking emulated playthroughs by the community at TASVideos (short for tool-assisted speedrun videos).
Facebook users are tricked into believing that they can play Mario Kart on the social network.
In reality, they’re helping to put money into the pockets of scammers.
Nintendo is the latest well-known name to fall victim to a series of cyber-attacks that have been dominating the IT headlines in recent weeks.
The Lulz Security hacking group published what they said was an internal configuration file for one of Nintendo’s US servers.
Although there was no corporate or customer information exposed by the Nintendo hack, it couldn’t have come at a worse time for the firm. Nintendo is due to reveal details of the successor to its Nintendo Wii games console (dubbed the “Wii 2” until we know any better) this week at the E3 show.
Interestingly, although Lulz Security appears to have no love for Sony (which has become something of a ‘whipping boy’ in the hacking community in recent weeks), they do appear to hold a true fan-boy affection for competing game firms Nintendo and Sega.
Although perhaps tweeting that they’re prepared to hack on Sega and Nintendo’s behalf is taking things a bit far..
The love may be unrequited, but LulzSec isn’t holding back in its affection for Nintendo despite the hack:
Lulz Security is playing a dangerous game, however. As it continues to gain public attention through high profile hacks it is surely at risk of being investigated by the computer crime authorities.
It seems to me that no-one should be complacent about their web security – whether a hacking group has an axe to grind against your company, or a criminal gang is hellbent on stealing information about your customers, you had better ensure that you have proper web security in place and your sites are well defended.
If you haven’t already done so, download our free technical paper all about “Securing Websites”.