Unknown consoles and users are causing fresh headaches for IT staff.
Speaking at the RSA Conference Europe, Christopher Boyd, senior threat researcher at GFI Software, said current consoles are designed for digital media rather than physical software, and there is evidence of tools that have been built to explore data on them.
Referencing a 2010 survey of 200 IT managers, GFI Software found that 49 per cent had a console in the workplace, and 44 per cent had a connected console. It also found that 80 per cent had no record of who was using a console.
Boyd said: “An Xbox 360 account can be tied to a Windows Live ID, so if you lose one, you could lose a corporate identity. So if someone does steal your account and you use the same password for both your corporate and online gaming accounts, it does pay to keep an attack in mind.”
To create a policy that allows connected consoles to be used in a work environment, Boyd advised putting someone in charge of console management, keep a log of users and ensure passwords are changed regularly. He also advised against using a corporate identity in a username as that could make a user a target, and to keep a low profile “as people will ask questions about you while you are shooting aliens”.