• United States



Hackers Break Microsoft’s Kinect Security

Nov 07, 20104 mins
Data and Information SecurityMicrosoftOpen Source

Only a few days after Microsoft launched its Kinect motion-sensing game system, hackers seem to have broken its security.

A few days after Microsoft launched its Kinect motion-sensing game system, hackers seem to have broken the security behind Kinect.

On the day Kinect went on sale, Adafruit Industries, an open source hardware developer, announced a $1,000 bounty for the first person or group to develop an open source driver for Microsoft’s Kinect. One of Adaruit’s leaders, Make magazine Senior Editor Phillip Torrone, told CNET, “Adafruit is hoping someone will figure out how to use Kinect in education, robotics, or ‘fun outside the Xbox.’ We think First Robotics could use this. We think educators could use this. Look at all the cool stuff people did with the Wii remote.” Adafruit is also led by MIT Media lab alumni Limor Fried, but it was Torrone who told CNET, “It’s amazing hardware that shouldn’t just be locked up for Xbox 360. Its ‘radar camera’ being able to get video and distance as a sensor input from commodity hardware is huge.”

Kinect allows gamers to play motion-sensing games without any game controller. It has a $149 price tag as an add-on for the Xbox 360 video game. It is rumored that Microsoft plans to use Kinect-like technology, such as motion sensing capabilities, in a future Windows release. Microsoft was not even slightly pleased about the bounty offer.

The Big M emailed CNET this response. “Microsoft does not condone the modification of its products. With Kinect, Microsoft built in numerous hardware and software safeguards designed to reduce the chances of product tampering. Microsoft will continue to make advances in these types of safeguards and work closely with law enforcement and product safety groups to keep Kinect tamper-resistant.”

That answer from Microsoft prompted Adafruit to jump the bounty to $2,000 for an open source driver for Kinect. All of this happened on November 4th, but today, November 7th, Gizmodo reports that Microsoft Kinect has allegedly already been hacked.

AlexP at NUI Group forums posted, “First test of controlling the Kinect from a PC. Outlook looks good for other sensors of the device.” Here is the video of “The Kinect Robot aka Johnny 5 is alive!”

The video seems to show that the hacker has taken control of the security behind Kinect, moving it up and down via PC control. This may be the first step toward building a complete driver for Kinect. The poster seemed optimistic about getting the other sensors, such as body recognition said, to work.

Besides Kinect’s security seeming to have been compromised, Kinect users are sharing some their silly experiences. One day after Kinect went on sale, writer Phil Villarreal posted, “A public service announcement: Do not under any circumstances play Kinect Sports Volleyball at 1:30 a.m. while standing under a ceiling fan with a dangling chain for a light switch. You could conceivably spike it into your year-old amazing TV, causing it to die with a rainbow LCD teardrop dripping down from the impact wound.”

From a privacy standpoint, one gamer discovered the drawbacks to oversharing via naked gaming and Kinect’s ability to take pictures during the game. GamePron reported on a gamer who had rude awakening while playing Kinect-enabled Dance Central.


I was trying out the Kinect Dance Central game and I was getting hot so I took off my clothee. I had no idea that the game was going to take A BUNCH OF PICTURES OF ME WHILE DANCING WITH NO CLOTHES ON!!! I can go back and look at these pictures but HOW DO I DELETE THEM?!!! HELP!!!!”[sic]

Yes, those pictures can be deleted.

Like this? Check out these other posts:

  • All of today’s Microsoft news and blogs
  • Microsoft Proposes Each PC Needs A Health Certificate or No Net Access Allowed
  • Microsoft Considering Encryption For Bing
  • Microsoft’s Davis on Privacy: Your Digital Life Data is Bankable Currency
  • ACLU Report: Spying on Free Speech Nearly At Cold War Level
  • Full-Body X-Ray Scanners Driving Down A Street Near You?
  • Facial recognition: Identifying faces in a crowd in real-time
  • Microsoft’s Live@edu email not encrypted on cloud servers
  • Cyber-Warfare: U.S. Military Hackers and Spies Prepare to Knock the World Offline
  • Kinect Long Term Privacy Issues Daunting?

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.