It’s Easy Getting Credit Card Info Off USED XBOX 360s. Great.

The next Xbox isn’t that far off, and you’ve started to plan what you’re going to do with your current 360. You could consider hanging on to it to play your games, or you could consider trading it in for $2.93 and a handshake. However, even if you really want that near-$3, it may be better to keep that shit in a closet somewhere.

Boing Boing:

A group of researchers at Drexel University have demonstrated a method of recovering credit card details and other sensitive information from used Xbox 360s, even after they have been “reset to factory defaults.” The method is straightforward and uses readily available tools. Ashley Podhradsky, one of the Drexel researchers, says, “Microsoft does a great job of protecting their proprietary information. But they don’t do a great job of protecting the user’s data.”

Which is to say that Microsoft is spending a lot of money and resource in ensuring that your Xbox 360 only runs software that is authorized by Microsoft (like Apple and iOS and Nintendo and the Wii/3DS, Microsoft charges money for the right to sell software that will play on your device). But they don’t pay any particular attention to protecting your interests as the owner of the device.

What’s more, the Digital Millennium Copyright Act, which regulates the breaking of software locks, makes it illegal to investigate the internal workings of devices like the Xbox 360, and to publish the details of your findings, where those findings might also aid people in choosing to run unauthorized software on their own property.

Podhradsky, along with colleagues Rob D’Ovidio and Cindy Casey at Drexel and Pat Engebretson at Dakota State University, bought a refurbished Xbox 360 from a Microsoft-authorized retailer last year. They downloaded a basic modding tool and used it to crack open the gaming console, giving them access to its files and folders. After some work, they were able to identify and extract the original owner’s credit card information.

We reached out to Microsoft for comment on this issue, but as of press time, they have not yet responded.

Podhradsky isn’t even a gamer, she says. For seasoned modders and hackers, the process might be even easier.

“A lot of them already know how to do all this,” she said. “Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone’s identity.”

…“I think Microsoft has a longstanding pattern of this,” Podhradsky said. “When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that’s not accurate–the data is still available… so when Microsoft tells you that you’re resetting something, it’s not accurate. There’s a lot more that needs to be done.”

I don’t have a used Xbox floating out there in the miasma. The first one of mine that went all RROD on my ass was dedicated to science: namely my friends and a bunch of tools like a hammer and shit, while the hard drive was stuffed into a closet at my parents’ house. How about you folks?