Xbox One Hacked: Unpatchable Exploit Allows Unsigned Code | Bruce Schneier

March 23, 2026 Rachel Kim – Technology Editor Technology

The original Xbox One console has been successfully hacked, over a decade after its initial release, by a security researcher known as “Bliss.” The exploit, detailed by TechSpot and reported by Boing Boing, targets the console’s boot ROM at the silicon level, rendering any software patch ineffective.

Unlike previous attempts that relied on reset glitching, Bliss focused on manipulating the CPU voltage rail. The researcher developed new hardware introspection tools to analyze the Xbox One’s internal operations, as the system’s architecture was not readily accessible for examination. The attack hinges on a sequence of two precisely timed voltage glitches. The first circumvents the ARM Cortex memory protection loop, even as the second targets the header read operation during the Memcpy process, allowing for the execution of attacker-controlled code.

According to Bliss, This represents a complete compromise of the console. It enables the loading of unsigned code at all levels, including the Hypervisor and operating system. Crucially, the exploit also provides access to the security processor, allowing for the decryption of games, firmware, and other protected content. Microsoft has not yet commented on the vulnerability.

The implications of this hack extend beyond simple piracy. Security experts suggest it could allow for extensive modification of the console’s software, potentially enabling homebrew development or the creation of custom firmware. The unpatchable nature of the exploit, stemming from its hardware-level attack on the boot ROM, presents a significant challenge for Microsoft and raises questions about the long-term security of older gaming consoles. Bruce Schneier, a noted security technologist, has previously commented on the inherent difficulties in securing complex hardware systems against determined attackers.

The vulnerability was discovered and publicized on March 23, 2026, twelve years after the Xbox One’s initial release. Microsoft has not announced any plans to address the issue.

,