Games consoles like the Sony PS3 and Nintendo Wii are vulnerable to malicious viruses and phishing attacks. That's according to Symantec, which has been researching the security vulnerabilities of home appliances.
"We've already seen a piece of malicious code which advertised itself as a mod, a firmware unlocker for the Sony PSP. But if you were to run it, you would have bricked your PSP. It was irrecoverable," Symantec's Ollie Whitehouse told Tech.co.uk.
"Symantec has recently been using the Nintendo Wii to demonstrate that the vulnerabilities that exist on one platform are very likely to exist to some extent on other platforms such as games consoles. Our Security Response Operations Team identified that there was a vulnerability within the Adobe Flash Player on the Windows platform.
"Then they demonstrated that it worked on the Macintosh and then finally they attempted it with the Wii as well and we found that the Wii was just as susceptible to the same vulnerability."
Wii viruses just around the corner?
Whitehouse said that as most games consoles are now connected to the internet, they might be just as vulnerable to hacks, viruses and phishing attacks as home computers.
"As we access the web on all these different devices, we inherit web problems such as phishing - those types of online attacks and potentially malicious code as well," he said. "These are definitely problems for the future which need to be addressed."
While serious threats from malicious code and viruses are probably still around five years away, Whitehouse said that the immediate threat comes from phishing. The Nintendo Wii has a full web browser but no phishing protection. This means that if an unsuspecting person clicks a link in their email, they could easily be phished because there is no anti-phishing toolbar in the Wii's browser.
"In terms of how bad it could get, it's conceivable at least in the short term that phishing attacks could become commonplace via a games console browser. The Wii lends itself very well to that," Whitehouse said.
Consumer electronics next?
"Malicious code attacks on consoles are unlikely to happen in the next two years, but potentially after that they may become a more tantalising target. This Macromedia bug shows that the vulnerabilities exist and they are exploitable for someone determined enough.
"How long before we see remote arbitrary code execution-type vulnerabilities? I think proof of concept we'll see them within two years. Maybe not mass usage for another five years.
"The PC is still such a ripe target - they don't have to change how they work. The people who want the intellectual challenge will do it first and then maybe if the PC becomes substantially harder to attack they will start to move to the consumer electronics area."
Whitehouse also said that the Microsoft Xbox 360 is more secure than the Nintendo Wii and Sony PlayStation 3 due to the security implemented in every 360 game and piece of software.
Ollie Whitehouse is a software architect with Symantec's advanced threat research team.
