Given that it held up against 13 years of dedicated efforts by people with physical access to the device, many years after its successor was launched, it seems merited in this case.

This talk about some of what went into it is fascinating: https://youtu.be/quLa6kzzra0

I wish people would take statements in relative terms along with the whole context before attempting to refute them with a quick gotcha in absolute terms.

Obviously nothing is ever unhackable, not even Fort Knox, given infinite time and resources, and Microsoft never made such claims, this is just media editorializing for clicks and HN eating the bait, but Xbox One was definitely the most unhackable console of its generation. Case in point, it took 13 years of constant community effort to hack a 499$ consumer device from 2013. PS4 and iPhones of 2013 have also been jailbroken long ago.

Therefore, even the click-bait statement with context in relative terms is 100% correct, it truly was unhackable during the time it was sold and relative to its peers of the time.

In the very strict interpretation probably nothing is unhackable, just not hacked yet. But one should also be pragmatic about what "unhackable" means in context. Without the power of hindsight, a consumer device that stayed unhacked for ~13 years can be reasonably called unhackable during this time.

Microsoft released a video that covers effectively all of the Xbox One security system, and it's referred to extensively in the talk. The specific methods of glitching don't require any insider knowledge.

The presentation notes that this hack currently only works with the first revision of silicon. Later variants have more protections, like some anti-glitching tech that wasn’t quite debugged for the early units being enabled for later runs, and further changes with the security / reset subsystems being split into two separate cores with revised consoles like the the One X. So these would be more of a challenge, even if there’s now an angle of attack to investigate.

> assuming they continue making Xbox

It sounds like that's the plan:

https://news.xbox.com/en-us/2026/03/11/project-helix-buildin...

The earliest example I know of for this is CLKSCREW, but security hardware (like for holding root CA private keys) was hardened against this stuff way before that attack.

Has anyone heard of notable earlier examples?

It's fascinating - how does one defend against an attacker or red-team who controls the CPU voltage rails with enough precision to bypass any instruction one writes? It's an entirely new class of vulnerability, as far as I can tell.

This talk https://www.youtube.com/watch?v=BBXKhrHi2eY indicates that others have had success doing this on Intel microcode as well - only in the past few months. Going to be some really exciting exploits coming out here!

I'm just excited at the opportunity to re-purpose my old launch day XBone as some kind of little homelab linux box.

Xbox One homebrew has effectively always been supported. Anyone can register a development account and boot the system into dev mode. IIRC in a talk about console security, a Microsoft developer noted that this was an intentional deterrent against hacking. An effort to split the community so that pirates and homebrew enthusiasts wouldn't have a reason to collaborate.

Thanks for the mention! I helped with the collateral damage exploit (wrote the PE loader).

I didn't ask but Emma -- who wrote the kernel-mode exploit -- and I would probably agree that Collat is not really what we would consider a proper hack of the console since it didn't compromise HostOS. Neither of us really expected game plaintext to be accessible from SRA mode though.

I’m pretty skeptical of that lesson. This took 13 years and it’s cheap mass-market hardware.

This seems like an unqualified win for the security measure. The future value of Xbox One DRM is probably close to zero. They already got what they wanted out of it.

One of the DRM circumvention methods for the Xbox 360 involved precision drilling a specific depth into one of the chips on the board. Microsoft was very aware of the nature of physical access while designing this, haha.

You do have a credit card, right?

I think this might be a good example of the fundamental misunderstanding of what "security" even is. It is never a binary state. Never was. And I think a lot of people don't really grok that and think that if a security block can be overcome in some manner then the thing is not secure.

Eventually Fort Knox will succumb to the unrelenting arrow of time and some future visitors will simply step over the crumbling wall and into the supposedly "secure" area.

I can give you a piece of paper with a one time pad encoded secret, where the one time is physically destroyed. You can take all the time you want but you will not crack anything…

i find this statement is often used as an excuse to not think about security at all. which is probably not what you intended here (i hope, although you did say "pointless"...), but some people parrot it for that purpose.

a) this was a security win. millions and millions of people had physical access to the device for over a decade, and only the first version of that device has been hacked.

b) as others have said, security is not all-or-nothing. the xbox one is extremely secure, despite not being perfectly secure