Researchers have recently announced a vulnerability in PC hardware enabling attackers to wipe the disk of a victim’s computer. This vulnerability, going by the name Joykill, stems from the lack of proper validation when enabling manufacturing system tests.
Joykill affects the IBM PCjr and allows local and remote attackers to destroy the contents of the floppy diskette using minimal interaction. The attack is performed by plugging two joysticks into the PCjr, booting the computer, entering the PCjr’s diagnostic mode, and immediately pressing button ‘B’ on joystick one, and buttons ‘A’ and ‘B’ on joystick two. This will enable the manufacturing system test mode, where all internal tests are performed without user interaction. The first of these tests is the diskette test, which destroys all user data on any inserted diskette. There is no visual indication of what is happening, and the data is destroyed when the test is run.
A local exploit destroying user data is scary enough, but after much work, the researchers behind Joykill have also managed to craft a remote exploit based on Joykill. To accomplish this, the researchers built two IBM PCjr joysticks with 50-meter long cables.
Researchers believe this exploit is due to undocumented code in the PCjr’s ROM. This code contains diagnostics code for manufacturing burn-in, system test code, and service test code. This code is not meant to be run by the end user, but is still exploitable by an attacker. Researchers have disassembled this code and made their work available to anyone.
As of the time of this writing, we were not able to contact anyone at the IBM PCjr Information Center for comment. We did, however, receive an exciting offer for a Carribean cruise.
28 thoughts on “Joykill: Previously Undisclosed Vulnerability Endangers User Data”
Dear God, I hope all of the PCjr. machines are tits up by now..
We had one. I learned how to read/spell a lot of words playing King’s Quest (the first one).
Interesting. An April Fool’s Joke in January. But they claim that there’s code available for it. Now who has one of those failures to try it out?
Hide yo kids, hide yo wife, hide yo floppies
This is a devastating blow to IBM, it might even be fatal to them, cementing Commodore’s place as the affordable home computing king!
It looks like this has been exploitable for ages, too! I wonder if NSA was using this exploit through all this time…
“Hi…we’re here from the NSA. We were wondering if you’d allow us to play with your joysticks?”
Put me down as skeptical.
Still waiting for confirmation if it affects other manufacturer´s products. There are rumors that the MSX1 and MSX2 are vulnerable, but not confirmed yet.
I feel so self righteous running a 68k system.
Self righteous, 68k system.. hrm, you must be a fellow Amiga user ;)
I would patch for this, but since all my PCjrs are mining BitCoin I hate to take them offline.
My God! What units do you use to describe the amount of time between each successful coin acquisition.
I’ve just discovered a serious timing exploit in battery backed Disk-on-RAM-banks…
I call the attack BrainDead because of the human brain… when the power is gone it is dead… lost forever!
The timing attack requires the attacker to wait 10years or more from implementation before pulling power to the RAM bank.
This can be remotely exploited by finding out the supplying sub-station and causing the sub-station to shut off out-going supply.
These “exploits” on such old equipment just bring a smile to my face, because of recent events with hardware and firmware exploits. :D
How many industries, businesses and governments are using “such old equipment”? Lots…
WAIT..DID YOU ALL MISS THIS: https://retro.moe/unijoysticle/
All this needs is a vanity website like “joykillexploit.com” and we will have reached peak parody.
Already has the logo. Though I would have gone with a bleeding joystick myself…
I like it. Maybe a tongue sticking out of the joystick base and Xes over the “eye” buttons.
Fun times :)
“50-meter long cables” nice touch
Add ESP8266-based extenders with encryption off, then it can be easily exploited over wireless!
How will I ever be able to play King’s Quest in 16 colors again?!?
Hopefully this is all in jest. If not, I would like to keel haul, throw in irons, and perhaps introduce the gunners daughter – to the incompetent bureaucrat that signed off any taxpayer funded grant to these “researchers” ! Another stirling example of waste in the name of “research”. Right up there with grant money for trying to figure out why gay men hang out in gay bars. Lord help us all !
If it makes you feel any better; I’m just finishing up an NIH grant application to study the ergonomics of typing with an enormous chip on your shoulder.
Sweet government cash will be mine!
I can’t read this in any voice other than that of Ron Swanson.
Could be legit, but so is the fact that the guys name means Dick Cheese.
Wow, this is going to ruin IBM… they are almost entirely reliant on their PCjr sales. Sell the stock whilst you still have the chance!!!!
Please be kind and respectful to help make the comments section excellent. (Comment Policy)