Microsoft’s Xbox One gaming console was released in November 2013 and has never been hacked since. That was until Markus “Doom” Haasedelen demonstrated the Voltage Glitch Hacking (VGH) exploit Bliss at this year’s RE//verse conference, Tom’s Hardware reports.
A security researcher noted that “in 2013, a kind of iron curtain fell on the security of the Xbox ecosystem, and the Xbox One was never breached.” Seven years after its launch, Microsoft engineers still claimed that the Xbox One was “the most secure product Microsoft has ever created.”
The exploit causes two voltage changes in sequence. The first causes the security chip’s memory protection loop to fail to set. The second allows execution to be intercepted during header reading, which opens the way to supervisor-level control. The method only works on the regular 2013 Xbox One console, while the Xbox One S, Xbox One X, and Xbox Series have not been reported to be compromised.
The hacker calls the attack on the hardware platform unpatchable. Thus, the console has been fully compromised, allowing unsigned code to be loaded at every level. What’s more, Bliss provides access to the security processor and software decryption, including games and firmware.
Markus Haasedelen has been publishing work related to Xbox security for years. Among them is a paper on unloading the original Xbox bootloader via JTAG on an Intel processor, presented at RET2 Systems 2023. His talk at RE//verse 2025 was about reverse engineering the original Microsoft Xbox. He noted that he “hasn’t played games in years,” and his experiments are not aimed at piracy. Their goal is to preserve the consoles and their repairability. The hack allows third-party software, including the operating system, to be installed on the Xbox One.
Share:
