Voltage‑Glitch Attack Unpatchably Compromises Xbox One Console, Enabling Unsigned Code Execution
What Happened — A researcher (Gaasedelen) demonstrated a hardware‑level voltage‑glitch exploit, dubbed Bliss, that bypasses the Xbox One’s boot‑ROM memory protection and injects attacker‑controlled code into the CPU, hypervisor, and OS. The attack is achieved by delivering two precisely timed voltage glitches to the CPU rail, allowing full control of the console and decryption of firmware and game binaries.
Why It Matters for TPRM —
- Demonstrates that legacy hardware can harbor unpatchable vulnerabilities, exposing downstream services that rely on the platform.
- Highlights supply‑chain risk for game publishers, cloud‑gaming providers, and any third‑party services that integrate with Xbox hardware.
- Shows that hardware attacks can bypass traditional software‑only security controls, requiring expanded assessment scopes.
Who Is Affected — Gaming hardware manufacturers, cloud‑gaming platforms, digital distribution services, and any enterprise that uses Xbox One consoles for internal training or demo environments.
Recommended Actions —
- Review contracts with Microsoft and any OEM partners for hardware‑security warranties and disclosure obligations.
- Assess the need for additional physical‑security controls (tamper‑evident enclosures, voltage‑monitoring) for consoles in high‑risk locations.
- Update third‑party risk questionnaires to include hardware‑glitch resistance testing and firmware‑integrity verification.
Technical Notes — The exploit uses a voltage‑glitch (hardware fault injection) to skip the ARM Cortex memory‑protection setup and to corrupt a memcpy operation during the boot‑ROM header read. Because the vulnerability resides in the silicon boot ROM, it is considered unpatchable by software updates. The attack grants the ability to load unsigned code at every layer, access the security processor, and decrypt protected game and firmware assets.
Source: Schneier on Security