Proactive IT Security
 

PlayStation 3 security fully compromised

Introduction

Sony's PlayStation 3 (PS3) has been viewed as one of the most secure gaming devices. Applications and games from sources other than Sony could not be installed and run on the PS3, and a firmware update early in 2010 disallowed using operating systems other than the one set up by Sony. All this has now changed.

During the 27th Chaos Communication Conference (27c3) in Berlin, Germany, at the very end of 2010, one of the presentations, by a group called fail0verflow, showed that the PlayStation 3's private encryption key had been found. The technique used would enable installation of any type of software on the PS3, including changing the PS3's firmware by use of a USB stick. It would thereby be possible to install e.g. the Linux operating system, as well as applications and games from manufacturers other than Sony - so-called 'homebrew'. Effectively, one could get complete control of the system.

On 3 January 2011, a U.S. hacker using the name geohot published the PS3 private key along with a kind of job application for employment by the gaming console industry:

if you want your next console to be secure, get in touch with me. any of you 3.
it'd be fun to be on the other side

Because this key is now publicly known, it can be used to sign any type of software, thereby enabling that software to run on PS3 devices.

This private key also works for Sony's handheld PlayStation Portable (PSP).

The first 'custom firmware' for PS3 is already available.

It is supposed to be very difficult - perhaps impossible - for Sony to fix these exploits with current PS3 hardware. However, in a statement given to Edge, Sony states that the company will 'fix the issues through network updates'.

Motivation

The possible motivation for those involved in circumventing the PS3's - and several other devices' - mechanisms for ensuring proprietary control over applications is said to be a wish for more openness. The hackers maintain that it should be possible to install operating systems other than the device vendor's own, as well as to run applications (e.g. advanced media software and games) created by diverse developers.

We will not engage in this discussion (at least not in this context). Suffice it to say that this discussion has been going on for decades. Early on, closed, proprietary systems were the standard, but in recent years the open approach has gained many supporters. However, major players still enforce strict control over their systems; Apple is probably the most noteworthy, with its strict policy regarding handheld devices (iPhone, iPad, iPod).

Possible implications

Neither fail0verflow nor geohot has published any tools to enable illegal copying of games, and they are allegedly strongly against piracy. Nevertheless, it is expected that gaming piracy will thrive in the near future as a result of the PS3 security compromise.

One may also expect that other operating systems will be installed on PS3 devices, and that several types of new games and other applications will be created.

The most interesting question seen from our point of view, however, is whether 'jailbroken' PS3 devices may be a new platform for malicious activity.

We know from history that whenever malicious software programs are introduced to a new device, users' 'default' protection mechanisms fail. We are used to being aware of malware distributed through e.g. email, and apply some sound skepticism regarding opening attachments sent from unknown users. When malware first appeared on Facebook, the users were much more gullible, as the malware appeared in another channel. We have discussed this phenomenon several times, see for example our security article from October 2008.

Most likely the same will occur if 'jailbroken' PS3 devices are targeted as a platform for malware propagation. Spreading malicious software will be very effective since the PS3 users do not expect malware in that context.

The PS3 is a powerful device, and as such might be particularly well-suited for participation in botnets, which are set up to perform Distributed Denial of Service (DDoS) attacks.

The power of the PS3 was effectively illustrated by an experiment carried out last month by the Air Force Research Laboratory at Wright-Patterson Air Force Base, Ohio, U.S.A. There, 1,760 PS3 computers were connected, and the combined computing power was about equal to that of the 35th fastest computer in the world. See this article from AirForce Times for more details. Power of this magnitude at a cybercriminal's disposal must be tempting.

The fact that in the range of 50 million PS3 units have been sold also makes the potential for malware spreading interesting. Since any application signed with the (now public) secret key from Sony may be installed on a PS3 device, all these devices are also vulnerable to malware. Social engineering schemes which attempt to install malware on the PS3 device may appear, and PS3 users should from now on set up their mental protection mechanisms: PS3 applications can no longer be considered safe by default.

The further development from the PS3 security compromise will be interesting to follow.