Microsoft Xbox One Hacked - Schneier on Security

Summary

Security researcher Gaasedelen has successfully hacked the Microsoft Xbox One using a novel voltage glitching technique called Bliss, which exploits the CPU voltage rail to bypass memory protection during boot. The attack is unpatchable as it targets the immutable boot ROM in silicon, granting complete console compromise including access to the Hypervisor, OS, security processor, and encrypted game/firmware content. This represents a decade-long effort to compromise a locked-down consumer device through sophisticated hardware introspection.

Full text

Microsoft Xbox One Hacked It’s an impressive feat, over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pin(s) the hacker targeted the momentary collapse of the CPU voltage rail. This was quite a feat, as Gaasedelen couldn’t ‘see’ into the Xbox One, so had to develop new hardware introspection tools. Eventually, the Bliss exploit was formulated, where two precise voltage glitches were made to land in succession. One skipped the loop where the ARM Cortex memory protection was setup. Then the Memcpy operation was targeted during the header read, allowing him to jump to the attacker-controlled data. As a hardware attack against the boot ROM in silicon, Gaasedelen says the attack in unpatchable. Thus it is a complete compromise of the console allowing for loading unsigned code at every level, including the Hypervisor and OS. Moreover, Bliss allows access to the security processor so games, firmware, and so on can be decrypted. Tags: hacking, Microsoft Posted on March 23, 2026 at 7:01 AM • 0 Comments

Indicators of Compromise

• malware — Bliss