Executive Summary
In March 2026, security researcher Markus 'Doom' Gaasedelen unveiled a hardware-based exploit named 'Bliss' that successfully compromised Microsoft's Xbox One console, which had been considered 'unhackable' since its 2013 release. Utilizing a technique called Voltage Glitch Hacking (VGH), Gaasedelen applied two precise voltage disturbances to the CPU's voltage rails during the boot process. These glitches bypassed the memory protection setup and exploited a memcpy operation, allowing the execution of attacker-controlled code. This method grants complete system control, enabling the loading of unsigned code at all levels, including the Hypervisor and OS, and is deemed unpatchable as it targets the boot ROM embedded in hardware. The 'Bliss' exploit has significant implications for digital archivists and the development of emulation and modding tools for the Xbox One platform. (tomshardware.com)
Why This Matters Now
The 'Bliss' exploit underscores the evolving sophistication of hardware-based attacks, highlighting the need for robust security measures in both current and future hardware designs. As similar techniques may emerge, it's crucial for manufacturers to proactively address potential vulnerabilities to safeguard their systems against such unpatchable exploits.
Attack Path Analysis
The attacker initiated the compromise by exploiting hardware vulnerabilities in the Xbox One's boot ROM through precise voltage glitching, bypassing memory protection and executing unauthorized code. This led to the attacker gaining elevated privileges, allowing control over the hypervisor and operating system. With these privileges, the attacker could move laterally within the system, accessing the security processor and decrypting sensitive data. The compromised system could then establish command and control channels, enabling remote execution of unsigned code. Subsequently, the attacker could exfiltrate decrypted games, firmware, and other sensitive information. Ultimately, this resulted in a complete system compromise, allowing for persistent unauthorized access and control over the console.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited hardware vulnerabilities in the Xbox One's boot ROM using precise voltage glitching techniques to bypass memory protection and execute unauthorized code.
MITRE ATT&CK® Techniques
Hardware Additions
Abuse Elevation Control Mechanism
Indirect Command Execution
Subvert Trust Controls
Modify System Image
OS Credential Dumping
Valid Accounts
Inhibit System Recovery
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – System and Application Security
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Device Security
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Games
Xbox One hardware exploitation enables complete console compromise, allowing unsigned code execution and decryption of games, threatening intellectual property protection.
Entertainment/Movie Production
Gaming console hardware vulnerabilities could expose entertainment content delivery systems to similar voltage glitching attacks, compromising digital rights management.
Consumer Electronics
Unpatchable boot ROM attacks demonstrate critical firmware security gaps in consumer devices, requiring enhanced hardware protection against voltage glitching techniques.
Semiconductors
Hardware exploitation targeting CPU voltage rails and ARM Cortex memory protection exposes fundamental silicon-level vulnerabilities requiring architectural security improvements.
Sources
- Microsoft Xbox One Hackedhttps://www.schneier.com/blog/archives/2026/03/microsoft-xbox-hacked.htmlVerified
- Microsoft's 'unhackable' Xbox One has been hacked by 'Bliss' - the 2013 console finally fell to voltage glitching, allowing the loading of unsigned code at every levelhttps://www.tomshardware.com/video-games/console-gaming/microsofts-unhackable-xbox-one-has-been-hacked-by-bliss-the-2013-console-finally-fell-to-voltage-glitching-allowing-the-loading-of-unsigned-code-at-every-levelVerified
- The original Xbox One has reportedly been jailbroken - yes, the 2013 onehttps://www.windowscentral.com/gaming/xbox/the-original-xbox-one-has-reportedly-been-jailbroken-yes-the-2013-oneVerified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate sensitive data by enforcing strict segmentation and controlled egress policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: While Aviatrix Zero Trust CNSF primarily focuses on network-level controls, it may not directly prevent hardware-based initial compromises.
Control: Zero Trust Segmentation
Mitigation: Aviatrix Zero Trust Segmentation could have limited the attacker's ability to escalate privileges by restricting access to critical system components.
Control: East-West Traffic Security
Mitigation: Aviatrix East-West Traffic Security could have restricted the attacker's lateral movement within the network, limiting access to sensitive components.
Control: Multicloud Visibility & Control
Mitigation: Aviatrix Multicloud Visibility & Control could have detected and limited unauthorized command and control communications.
Control: Egress Security & Policy Enforcement
Mitigation: Aviatrix Egress Security & Policy Enforcement could have restricted unauthorized data exfiltration by controlling outbound traffic.
While Aviatrix Zero Trust CNSF could have limited the attacker's lateral movement and data exfiltration, the initial hardware compromise may have still led to significant system impact.
Impact at a Glance
Affected Business Functions
- Firmware Integrity
- Software Security
- Digital Rights Management
Estimated downtime: N/A
Estimated loss: N/A
Potential exposure of proprietary firmware and software code.
Recommended Actions
Key Takeaways & Next Steps
- • Implement hardware-based security measures to detect and prevent voltage glitching attacks.
- • Enhance memory protection mechanisms to prevent unauthorized code execution.
- • Strengthen access controls to limit privileges and prevent lateral movement within the system.
- • Monitor system activity for signs of unauthorized access or control channels.
- • Regularly update and patch systems to address known vulnerabilities and prevent exploitation.
