Restoring Factory Settings Fails To Protect Owner Information

It has been reported that Drexel University security investigators are claiming that they have been successful in pulling classified owner information from the hard drives of older models of the Microsoft Xbox 360’s gaming system. Allegedly, the researchers have stated that, even though the units had been reset to their original factory settings, they were able to recover sensitive owner information, like folders, files and essential credit card data. This was reportedly accomplished by utilizing a basic modding device which they had downloaded and is readily available online at no cost.

According to reports, Microsoft must first establish whether all models of the Xbox 360 and the USB devices used in the transfer of profiles, collect and store user data. In addition, it has been reported that Microsoft will need to determine why the factory reset procedure is not successful in the deletion of this critical information and how their customers can safeguard personal account information if they choose to sell their units. It has allegedly been recommended that, if you are considering selling your console, you should format the HDD by using software that transcribes 1’s and 0’s straight to them.

Tech News Brought To You By http://OptimizationTutor.com

 

Discussion Info


Last updated July 4, 2018 Views 12 Applies to:

I remember seeing this before, if I recall correctly, the article I read said words like 'Possibly' and 'Probable'.

I REALLY doubt this is true, and I didn't see any proof. So I'm calling BS.  

[quote user="SpeedyBlueDude"]

I remember seeing this before, if I recall correctly, the article I read said words like 'Possibly' and 'Probable'.

I REALLY doubt this is true, and I didn't see any proof. So I'm calling BS.  

[/quote]

Unfortunately, it's true. It's the way file systems are designed. When a file/folder is deleted, it doesn't just suddenly disappear from the drive. Those bits of data making up that file are *marked* for deletion. The next time something is written to the drive, it may overwrite that cluster of data that made up an old file, or it may overwrite another cluster of data... that's why the words 'Possibly' and 'Probable' were used in the article you read. If the file hasn't been completely overwritten, it can be recovered and extracted.

If someone plans to sell their 360 hard drive or storage device, I wouldn't recommend using 3rd party software to reformat the drive. You risk the possibility of damaging the file system and making the drive inoperable. However, I do recommend using security precautions such as changing your password and forcing password entry on other consoles (via Guide Menu - Account Management).

If someone plans to sell their personal storage device -- like an old PC hard drive you want to get rid of -- by all means, use a formatting tool that writes random bits to the drive or perform a low-level format. 

[quote user="CroutonCrusader"]

[quote user="SpeedyBlueDude"]

I remember seeing this before, if I recall correctly, the article I read said words like 'Possibly' and 'Probable'.

I REALLY doubt this is true, and I didn't see any proof. So I'm calling BS.  

[/quote]

Unfortunately, it's true. It's the way file systems are designed. When a file/folder is deleted, it doesn't just suddenly disappear from the drive. Those bits of data making up that file are *marked* for deletion. The next time something is written to the drive, it may overwrite that cluster of data that made up an old file, or it may overwrite another cluster of data... that's why the words 'Possibly' and 'Probable' were used in the article you read. If the file hasn't been completely overwritten, it can be recovered and extracted.

If someone plans to sell their 360 hard drive or storage device, I wouldn't recommend using 3rd party software to reformat the drive. You risk the possibility of damaging the file system and making the drive inoperable. However, I do recommend using security precautions such as changing your password and forcing password entry on other consoles (via Guide Menu - Account Management).

If someone plans to sell their personal storage device -- like an old PC hard drive you want to get rid of -- by all means, use a formatting tool that writes random bits to the drive or perform a low-level format. 

[/quote]

MS said that the Xbox doesn't ever store credit card info locally. Source: http://www.joystiq.com/2012/03/30/microsoft-responds-to-xbox-360-hard-drives-storing-credit-card-i/

My reply was only in reference to (deleted) data being restored off of a hard drive. I should have been more clear in my post. I can't comment on details about what is or what isn't stored on the hard drive.