Sony Sues PS3 Hackers


Posted by verdilak » Wed Jan 12, 2011 2:41 pm:

Sony has today taken legal action against hackers who broke through the PlayStation 3’s security, potentially exposing the platform to rampant piracy.

Sony Computer Entertainment America has filed a suit against George Hotz (GeoHot), Hector Martin Cantero and Sven Peter (fail0verflow), and one hundred “does”, or unnamed defendants.

Sony contends that the defendants “circumvented effective technological protection measures … employed by SCEA to protect against unauthorized access to and/or copying of … PlayStation 3 computer entertainment systems … and other copyrighted works.”

Hotz, Cantero and Peter have variously created custom firmware and released the PlayStation 3’s root key, allowing anyone to certify any software to run on the PlayStation 3 as if it had been signed by Sony.

In the suit, Sony claims that the defendants “trafficked in circumvention technology, products, services, methods, codes, software tools, devices, component or part thereof, including but not limited to the Elliptic Curve Digital Signature Algorithm Keys, encryption and/or decryption keys, dePKG firmware decrypter program, Signing Tools, 3.55 Firmware Jailbreak, and/or any other technologies that enable unauthorized access to and/or copying of PS3 Systems and other copyrighted works.”

Sony currently seeks a temporary restraining order and an order of impoundment.

Make no mistake: Sony is pissed about this, because all PS3s everywhere are absolutely, irrevocably compromised. The boot signing key has been released, and the complementary public key is burned into the ROM of all existing consoles. This means that anyone, anywhere, can write any firmware they like, and make it look as though it has been 'blessed' by Sony.

All the other keys have been compromised too, but the loss of the boot key means that they can't be replaced with new ones. No matter what Sony does, any authorization scheme that depends on the PS3 to attest to anything or decrypt anything can be broken, because hackers can boot new custom firmware to analyze the code and/or extract the new keys. They can then modify the local firmware to simulate any test Sony is trying to run, and baldfacedly lie about the results.

This also means that BluRay is irrevocably compromised, because any new decryption keys that Sony issues can be extracted from the firmware. It was broken already, but now it'll be relatively trivial to get new decryption keys for BluRay, instead of taking some work each time.

It means that, for any game security to exist at all on the PS3, it will have to all be reimplemented server-side, and it will likely be limited to PC-type DRM approaches. And Sony can't patch BluRay at all, unless they're either willing to force a phone-home decryption method (which may also be crackable with custom firmware), thus invalidating all the non-networked BluRay players in the world, or else invalidate every PS3 they've ever shipped and start over from zero.

So they're really, really angry; they have no reasonable way to lock people into using their content the way Sony wants them to. I doubt they'll prevail in court, but they have craploads of money, and are probably going to try to bankrupt George Hotz and the fail0verflow team.

Both the 360 and the Wii have been cracked for a long time, and both seem to be doing just fine, and BluRay was independently cracked years ago. In terms of actual fiscal impact on Sony, it probably wouldn't matter that much; the real customers will keep buying software. But Sony will be much more dependent on the goodwill of its customers, rather than being able to make them subservient through technical means, and it strikes me that these lawsuits are perhaps not the best way to generate goodwill.

Likewise, it appears to have only been goodwill that kept the PS3 unhacked this long. When OtherOS existed, hackers weren't very interested in trying to crack the system as a whole. Sony didn't expose the graphic hardware to Linux, however, and that's what drove George Hotz to originally crack the hypervisor.... and which prompted Sony to immediately remove OtherOS from all those millions of machines. And that, in turn, sparked the fail0verflow team... angry that they had lost a feature they paid for, they blew the entire security edifice into sand.

Having open hardware, in other words, was a security feature, not a bug. The PS3 was more open than the alternatives, and in direct consequence, its security lasted much, much longer. Some of the hardware was still inaccessible, and the original crack came about to try to get at it. Sony reacted by closing the system down, and the resulting crack to re-open it took down their entire security system.

Letting people use the hardware they paid for is a very good idea.