iPhone hacker publishes secret Sony PlayStation 3 key

Started by DorsetBoy, Jan 06, 2011, 06:05:42

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

DorsetBoy

http://www.bbc.co.uk/news/technology-12116051

QuoteThe PlayStation 3's security has been broken by hackers, potentially allowing anyone to run any software - including pirated games - on the console

A collective of hackers recently showed off a method that could force the system to reveal secret keys used to load software on to the machine.

A US hacker, who gained notoriety for unlocking Apple's iPhone, has now used a similar method to extract the PS3's master key and publish it online.

Sony declined to comment on the hack. ............. (more)

Rik

Saying Sony decline to comment is a bit superfluous. Did they really expect them to?
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

The only way around this is hardware based, sadly hacking seems to be a joy for those who should use their skills in a better way as I see it. The problem is by breaking into the PS3 I bet down the line it becomes a target for some form of attack, nothing good ever comes of this type of thing.  :shake:
Damned, if you do damned if you don't

pctech

a botnet of zombie PS3s? that really would cause websites some serious bother.


Gary

Quote from: pctech on Jan 06, 2011, 17:16:24
a botnet of zombie PS3s? that really would cause websites some serious bother.


It would, considering how powerful the cell processor is, the USAF ordered 300 PS3's to build their supercomputer back in 2008, the cell proc can encode True HD Video streams live on the fly, it does have 8 cores but in the PS3 it only uses seven. They can run happily at 4Ghz as well although they are underclocked in the PS3.
Damned, if you do damned if you don't

pctech

IBM were selling some servers based on the cell for a while.

It surprised me that they didn't sell that well so Big Blue canned them.


Glenn

Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Glenn on Jan 07, 2011, 10:54:02
Looks like Sony could have avoided the key being hacked.

http://www.thinq.co.uk/2011/1/6/ps3-private-key-discovered-through-sony-error/
Hindsight is a wonderful thing, considering how hard its been to hack the PS3 they did pretty well for quite few years now. And that's not really that remarkable as most hacks do tend to involve a problem with the software/firmware of some company who created it in the first place.

I am sure Microsoft/Apple/Adobe could have all avoided a hack if they had not made a mistake in their code...
Damned, if you do damned if you don't

esh

If you're going to have a master private key, it's going to get out sooner or later. I don't see why people are vaguely surprised about this.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Technical Ben

Quote from: Gary on Jan 06, 2011, 11:11:25
The only way around this is hardware based, sadly hacking seems to be a joy for those who should use their skills in a better way as I see it. The problem is by breaking into the PS3 I bet down the line it becomes a target for some form of attack, nothing good ever comes of this type of thing.  :shake:
Ever buy a toy as a kid? Like kinder surprise? Get told not to open it? Ever!?
I guess there is more to it than that. But a lot of these people are just obsessive. If they can open it, they will. That and the fame. Fame has a big draw. :/
I use to have a signature, then it all changed to chip and pin.

esh

It's partially an objection to Sony telling you what you *can't* do with the hardware you bought, such as running your own code and operating systems. Some of it is indeed the (admittedly impressive) feats they go through to try and get the key out of a piece of hardware. The fact of the matter is, once someone has physical access to a device, it's always only a matter of time before these things are cracked. It's just making it hard enough that it outlives the necessary period. Has that happened for the PS3? I'm not so sure. On the PC, DRM is mostly there to survive the first week of release - it often doesn't - but this is the period in which most sales and hence most profit is made.
CompuServe 28.8k/33.6k 1994-1998, BT 56k 1998-2001, NTL Cable 512k 2001-2004, 2x F2S 1M 2004-2008, IDNet 8M 2008 - LLU 11M 2011

Technical Ben

Quote from: esh on Feb 17, 2011, 15:46:49
It's partially an objection to Sony telling you what you *can't* do with the hardware you bought, such as running your own code and operating systems. Some of it is indeed the (admittedly impressive) feats they go through to try and get the key out of a piece of hardware. The fact of the matter is, once someone has physical access to a device, it's always only a matter of time before these things are cracked. It's just making it hard enough that it outlives the necessary period. Has that happened for the PS3? I'm not so sure. On the PC, DRM is mostly there to survive the first week of release - it often doesn't - but this is the period in which most sales and hence most profit is made.

Look at games like Minecraft. Arguably it has no DRM, just a login to check you did buy the game. For all that it has been copied, it still sold loads, and continues to do so. As an artist, I know I cannot post my pictures on the net, and expect them not to be viewed. I cannot expect the jpeg not to be copied. Data is just that, it's free to roam where it wants to. A bit like water. :P
I use to have a signature, then it all changed to chip and pin.

pctech


Gary

Apart from the horrendous PSN disaster (looks like bits will be back up soon with an update) the 3.60 firmware stopped the hacking of the PS3 again so its back to the drawing board, I can see why some people don't like to be told what they cant do with their hardware, but for most of us we just use it as intended. For the small number of PS3 owners who want homebrew gaming Sony could have just banned the consoles as Microsoft did, but the trouble was taking away running another OS on the Old PS3, oddly though that was never a really enjoyable experience and when it came out most people never used it, so a minority of very intelligent users of a less than wonderful OS experience that gave them the ability to hack a device mess up what was a pretty reasonable experience for the mainstream user. Wonderful...  >:(
Damned, if you do damned if you don't

kinmel

Quote from: pctech on May 01, 2011, 09:37:15
Valve have done pretty well with Steam.

Except that every useful game protected using Steam has been cracked to run without ever connecting to the Steam website !

You can even play cracked copies before the release date when Steam refuses to allow a connection.
Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Technical Ben

Quote from: Gary on May 01, 2011, 10:14:31
Apart from the horrendous PSN disaster (looks like bits will be back up soon with an update) the 3.60 firmware stopped the hacking of the PS3 again so its back to the drawing board, I can see why some people don't like to be told what they cant do with their hardware, but for most of us we just use it as intended. For the small number of PS3 owners who want homebrew gaming Sony could have just banned the consoles as Microsoft did, but the trouble was taking away running another OS on the Old PS3, oddly though that was never a really enjoyable experience and when it came out most people never used it, so a minority of very intelligent users of a less than wonderful OS experience that gave them the ability to hack a device mess up what was a pretty reasonable experience for the mainstream user. Wonderful...  >:(

I think you will find the "hacking a PS3" incident and "hacking the entire SONY credit card server" are two distinct things.
The difference between recording off the radio, and smashing in the windows to HMV for a grab and run!
Or fitting your own HDD in a Mac compared to robbing the Apple store at gun point.
I use to have a signature, then it all changed to chip and pin.

Gary

Quote from: Technical Ben on May 01, 2011, 15:35:35
I think you will find the "hacking a PS3" incident and "hacking the entire SONY credit card server" are two distinct things.
The difference between recording off the radio, and smashing in the windows to HMV for a grab and run!
Or fitting your own HDD in a Mac compared to robbing the Apple store at gun point.
Some have said its possible there was a backlash in the hacking community, what I was saying is hacking the PS3 console was stopped in its tracks by the 3.60 update which probably annoyed the home console hackers even more because all the work geohots  did was then useless, so groups like anonymous get on their invisible horses and deny doing anything they may or may have not done because they are legion and all invisible and all powerful  ::)  and attack the sony PSN servers possibly, who knows who did it but it seems to be probably linked to the hate Sony bandwagon, and thought they would teach them a very expensive lesson. There is no direct proof credit card numbers are being sold, only rumours which also said they offered to sell them back to Sony who stil say there is no proof that they were taken, who do you believe? I think this was more to hurt Sony's reputation globally than to just steal credit cards as people will just change their cards quickly, but who knows, they did get passwords but so far no one has said other accounts have been hacked by people that use the same passwords, also some people have said their card has shown fraud, statistically out of 77 million people with maybe 2 million card details kept on servers that is likely to happen anyway which still does not prove or disprove that the card numbers were ever stolen..
Damned, if you do damned if you don't

Technical Ben

I would go with the simplest result really. The PS3 hacks, although done for "innocent*" purposes, opened up a risk to the PSN network. This opened up a risk to the users details.
So bad result, but probably by different people. Same with Annon or the likes. If half of them are PS3 owners, would they really kill the console? Would they steal their own data?
Or is it more likely, the same people who go out with phishing emails, credit card scams, and general ID theft are behind it?
I could understand one lone hacker too, if sony sent him an injunction, retaliating en mass.  :out:

It could just have likely been a cleaner in the server farm, waling up to the rack door with a crow bar, and taking a HDD while no one was around. Then would people be blaming "pirates"?
The pirates usually criminals, and have stolen something. But would you expect the kid who takes an apple off a tree to be the first person to be questioned when there is a bank robbery?



*I don't think it's innocent. Just as said, a minor offence lending out a computer game, or taping off the radio.
I use to have a signature, then it all changed to chip and pin.

Gary

with the mindset of anonymous  who knows, but using the hacks as cover to steal from the network would also be plausible, its hard to say but a faction of anon were threatening Sony Execs and and their children by getting lists of where they lived which is pretty nasty... that does not make sense either just over geohot,. Cutting off your account to prove a point is not beyond the realms of imagination with that lot, after all Sony will put it all back together but a point would have been made...all conjecture of course but they are very motivated and did promise to give Sony their undivided attention and I quote 'the biggest attack you have ever witnessed' in  a message released on the 14th of April. As you said it could have been anybody but maybe cyber terosm is a thing that big company's should be more careful about, have you read anons blog pages? Interesting stuff if a bit self righteous. Wiki have some reading on them http://en.wikipedia.org/wiki/Anonymous_%28group%29

The Encyclopaedia Dramatica are less kind ;D

http://encyclopediadramatica.ch/Anonymous

Damned, if you do damned if you don't

Technical Ben

This news post suggests even more that the risk and hack was down to plain old thieves, and not PS3 hacking kids.
http://www.wired.com/gamelife/2011/05/sony-online-entertainment-hack/

So that's an entirely separate part of Sony getting stung for credit card details.  :shake:
I use to have a signature, then it all changed to chip and pin.

Gary

Quote from: Technical Ben on May 03, 2011, 08:50:50
This news post suggests even more that the risk and hack was down to plain old thieves, and not PS3 hacking kids.
http://www.wired.com/gamelife/2011/05/sony-online-entertainment-hack/

So that's an entirely separate part of Sony getting stung for credit card details.  :shake:
I saw that the SOE part was now hacked, what a bladdy mess tbh. I have thoiught maybe I should just sell it all and get an XBox but who is to say that wont happen to them, I guess at least Sony will be more secure now than most.  :shake:
Damned, if you do damned if you don't

Technical Ben

I'd agree with you, and keep the air of caution. Keep all the extra security options. (For example, Steam now has an "IP" lock, where if you get/use a different ip, you have to get a proper activation to be able to buy/change anything)

If it appears to be endemic to sony, then it might be an idea to get out or just plain avoid giving out your credit card.
Remember, Xbox, has gamer cards. So if you use a gamer card, Microsoft never see your CC details. However, every shop you go to to buy a card, or site you use for points, could also loose your details.

:P
I use to have a signature, then it all changed to chip and pin.

Gary

Son now saying the found a message from anon on their servers after the attack, whether its genuine though...if it is they are a group to really worry about. http://www.theregister.co.uk/2011/05/04/sony_implicates_anonymous/
Damned, if you do damned if you don't

Technical Ben

Either way I don't really care who did it any more. It's wrong.
didn't think they would be that childish.

Guess I might use it as an excuse from now on though. "Anon" did it.  :whistle:  ;)
I use to have a signature, then it all changed to chip and pin.