The Microsoft Kinect Spy System

Monday, August 27th, 2012 at 9:36 am.

Guest post by Alphonse

So you just got the Kinect/Xbox360 gaming system and you’re having fun, hanging out in your underwear, plopped down in your favorite lounge chair, and playing games with your buddies. Yeah, it’s great to have a microphone and camera in your game system so you can “Kinect” to your pals while you play, but did you read that Terms of Service Agreement that came with your Kinect thingy? No? Here, let me point out an important part of that service agreement.

If you accept the agreement, you “expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft, our partners, or our customers, including the enforcement of our agreements or policies governing your use of the Service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.”

Did you catch that? Here, let me print the important part in really big letters.

“If you accept the agreement, you expressly authorize and consent to us accessing or disclosing information about you, including the content of your communications… on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.”

OK, is that clear enough for ya? When you use the Kinect system, you agree to allow Microsoft (and any branch of law enforcement or government they care to share information with) to use your Kinect system to spy on you. Maybe run that facial recognition software to check you out, listen to your conversations, and keep track of who you are communicating with.

I know this is probably old news to some, but I thought I would mention it because it pertains to almost all of these home game systems that are interactive. You have to remember, the camera and microphone contained in your game system have the ability to be hacked by anyone the game company gives that ability to, and that includes government snoops and law enforcement agents.

Hey, it’s MICROSOFT. What did you expect?

And the same concerns apply to all interactive game systems. Just something to think about if you’re having a “Naked Wii party” or doing something illegal while you’re gaming with your buddies. Or maybe you say something suspicious and it triggers the DHS software to start tracking your every word. Hey, this is not paranoia. It’s spelled out for you, right there in that Service Agreement. Read it! Here’s one more part of the agreement you should be aware of.

“You should not expect any level of privacy concerning your use of the live communication features (for example, voice chat, video and communications in live-hosted gameplay sessions) offered through the Service.”

Did you catch it that time? YOU SHOULD NOT EXPECT ANY LEVEL OF PRIVACY concerning your voice chat and video features on your Kinect box.

12 Responses to The Microsoft Kinect Spy System

  1. Anonymous says:

    Too large to fit inside a post here, so:

    HUGE Security Resource+ – version 6000 – 8/31/12

    good posting about kinect btw!

  2. Anonymous says:

    More news:

    Governments Recruiting Backdoor Authors #germany

    Friday, September 7, 2012 | Posted by Mikko @ 12:17 GMT


    Just a couple of years ago, it would have been unthinkable that governments would be openly recruiting trojan and backdoor developers to work for them.

    Yet, that’s exactly what’s happening now.

    For a fresh example, here’s an ad[1] from the website of the German Federal Criminal Police Office (BKA)

    They are looking for a developer. Let’s take a closer look at the job description

    Ihre Aufgabe: Mitarbeit bei der Softwareentwicklung und -pflege zur Schaffung der technischkriminaltaktischen Voraussetzungen zum verdeckten polizeilichen Zugriff auf entfernte Rechnersysteme

    Translated to English:
    Your task: Contribute to the development and maintenance of software to provide covert police access to remote computing systems

    This isn’t new: We know that German Government has been using trojans against their own citizens[2] before. However, they used to buy their trojans[3]. Now it looks like they are developing their own.

    [1] http://www.bka.de/nn_194250/DE/Berufsperspektive/Stellenangebote/11-2012.html
    [1.2] https://www.f-secure.com/weblog/archives/bka_ad2.png
    [2] http://www.f-secure.com/weblog/archives/00002249.html
    [3] http://www.f-secure.com/weblog/archives/00002250.html

  3. Anonymous says:

    FBI begins installation of $1 billion face recognition system across America

  4. Anonymous says:

    Tails security and privacy issue:


    /etc/machine-id in systemd

    “I don’t know what version of udev TAILS uses, but udev as you may know is merged with systemd upstream. This will affect TAILS sooner or later.

    the new systemd version makes use of a /etc/machine-id http://0pointer.de/public/systemd-man/machine-id.html “Programs may use this ID to identify the host with a globally unique ID in the network, that does not change even if the local network configuration changes.”

    Sweet fuck!

    the fix? given that it's a 32 character hexadecimal string, it's damn easy to generate new ones at random with md5

    the fix from ninja os: add this to rc.local or any other script that runs at boot:

    # overwrite the ID with the md5 of fresh random data on every boot
    chmod 666 /etc/machine-id
    head -n128 /dev/urandom | md5sum | cut -d' ' -f1 > /etc/machine-id
    chmod 644 /etc/machine-id

    This caught me with my pants down. I am posting this to give you guys a heads up

    -NinjaOS development team”
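
The boot-time rotation described in the comment above, as an added example that is not NinjaOS's or Tails' own code: it draws the 32 hex characters straight from /dev/urandom instead of hashing with md5, checks the format, and replaces the file atomically. `MACHINE_ID_FILE` is a hypothetical variable; left unset, the script only touches a scratch file.

```sh
#!/bin/sh
# Added example: replace a machine-id style file with a fresh random value.
# MACHINE_ID_FILE is an assumed name; unset, a scratch file is used instead.

# Print a new ID: 16 random bytes rendered as 32 lowercase hex characters.
new_machine_id() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Succeed only if $1 is exactly 32 lowercase hex characters and not the
# all-zero ID.
valid_machine_id() {
    case "$1" in
        00000000000000000000000000000000) return 1 ;;
    esac
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{32}$'
}

# Write a fresh ID to the file named by $1. The value goes to a temporary
# file in the same directory first, so a reader never sees a partial ID.
rotate_machine_id() {
    target=$1
    id=$(new_machine_id)
    valid_machine_id "$id" || return 1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    printf '%s\n' "$id" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"
}

# Dry run: rotate a scratch file unless MACHINE_ID_FILE names a real target.
MACHINE_ID_FILE=${MACHINE_ID_FILE:-$(mktemp)}
rotate_machine_id "$MACHINE_ID_FILE" && cat "$MACHINE_ID_FILE"
```

To rotate the real ID, run it as root from a boot script with `MACHINE_ID_FILE=/etc/machine-id`.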
