iPhone hacker publishes secret Sony PlayStation 3 key

DorsetBoy · Jan 06, 2011, 06:05:42

http://www.bbc.co.uk/news/technology-12116051

QuoteThe PlayStation 3's security has been broken by hackers, potentially allowing anyone to run any software - including pirated games - on the console

A collective of hackers recently showed off a method that could force the system to reveal secret keys used to load software on to the machine.

A US hacker, who gained notoriety for unlocking Apple's iPhone, has now used a similar method to extract the PS3's master key and publish it online.

Sony declined to comment on the hack. ............. (more)

Rik · Jan 06, 2011, 09:57:53

Saying Sony decline to comment is a bit superfluous. Did they really expect them to?

Gary · Jan 06, 2011, 11:11:25

The only way around this is hardware based, sadly hacking seems to be a joy for those who should use their skills in a better way as I see it. The problem is by breaking into the PS3 I bet down the line it becomes a target for some form of attack, nothing good ever comes of this type of thing.

pctech · Jan 06, 2011, 17:16:24

a botnet of zombie PS3s? that really would cause websites some serious bother.

Gary · Jan 07, 2011, 10:38:37

Quote from: pctech on Jan 06, 2011, 17:16:24
a botnet of zombie PS3s? that really would cause websites some serious bother.

It would, considering how powerful the cell processor is, the USAF ordered 300 PS3's to build their supercomputer back in 2008, the cell proc can encode True HD Video streams live on the fly, it does have 8 cores but in the PS3 it only uses seven. They can run happily at 4Ghz as well although they are underclocked in the PS3.

pctech · Jan 07, 2011, 10:46:54

IBM were selling some servers based on the cell for a while.

It surprised me that they didn't sell that well so Big Blue canned them.

Glenn · Jan 07, 2011, 10:54:02

Looks like Sony could have avoided the key being hacked.

http://www.thinq.co.uk/2011/1/6/ps3-private-key-discovered-through-sony-error/

Rik · Jan 07, 2011, 10:56:35

Oops.

Gary · Jan 07, 2011, 10:57:49

Quote from: Glenn on Jan 07, 2011, 10:54:02
Looks like Sony could have avoided the key being hacked.

http://www.thinq.co.uk/2011/1/6/ps3-private-key-discovered-through-sony-error/

Hindsight is a wonderful thing, considering how hard its been to hack the PS3 they did pretty well for quite few years now. And that's not really that remarkable as most hacks do tend to involve a problem with the software/firmware of some company who created it in the first place.

I am sure Microsoft/Apple/Adobe could have all avoided a hack if they had not made a mistake in their code...

esh · Feb 11, 2011, 13:43:11

If you're going to have a master private key, it's going to get out sooner or later. I don't see why people are vaguely surprised about this.

Technical Ben · Feb 12, 2011, 08:55:37

Quote from: Gary on Jan 06, 2011, 11:11:25
The only way around this is hardware based, sadly hacking seems to be a joy for those who should use their skills in a better way as I see it. The problem is by breaking into the PS3 I bet down the line it becomes a target for some form of attack, nothing good ever comes of this type of thing.

Ever buy a toy as a kid? Like kinder surprise? Get told not to open it? Ever!?
I guess there is more to it than that. But a lot of these people are just obsessive. If they can open it, they will. That and the fame. Fame has a big draw. :/

esh · Feb 17, 2011, 15:46:49

It's partially an objection to Sony telling you what you *can't* do with the hardware you bought, such as running your own code and operating systems. Some of it is indeed the (admittedly impressive) feats they go through to try and get the key out of a piece of hardware. The fact of the matter is, once someone has physical access to a device, it's always only a matter of time before these things are cracked. It's just making it hard enough that it outlives the necessary period. Has that happened for the PS3? I'm not so sure. On the PC, DRM is mostly there to survive the first week of release - it often doesn't - but this is the period in which most sales and hence most profit is made.

Technical Ben · Feb 17, 2011, 16:15:30

Quote from: esh on Feb 17, 2011, 15:46:49
It's partially an objection to Sony telling you what you *can't* do with the hardware you bought, such as running your own code and operating systems. Some of it is indeed the (admittedly impressive) feats they go through to try and get the key out of a piece of hardware. The fact of the matter is, once someone has physical access to a device, it's always only a matter of time before these things are cracked. It's just making it hard enough that it outlives the necessary period. Has that happened for the PS3? I'm not so sure. On the PC, DRM is mostly there to survive the first week of release - it often doesn't - but this is the period in which most sales and hence most profit is made.

Look at games like Minecraft. Arguably it has no DRM, just a login to check you did buy the game. For all that it has been copied, it still sold loads, and continues to do so. As an artist, I know I cannot post my pictures on the net, and expect them not to be viewed. I cannot expect the jpeg not to be copied. Data is just that, it's free to roam where it wants to. A bit like water.

pctech · May 01, 2011, 09:37:15

Valve have done pretty well with Steam.

Gary · May 01, 2011, 10:14:31

Apart from the horrendous PSN disaster (looks like bits will be back up soon with an update) the 3.60 firmware stopped the hacking of the PS3 again so its back to the drawing board, I can see why some people don't like to be told what they cant do with their hardware, but for most of us we just use it as intended. For the small number of PS3 owners who want homebrew gaming Sony could have just banned the consoles as Microsoft did, but the trouble was taking away running another OS on the Old PS3, oddly though that was never a really enjoyable experience and when it came out most people never used it, so a minority of very intelligent users of a less than wonderful OS experience that gave them the ability to hack a device mess up what was a pretty reasonable experience for the mainstream user. Wonderful...

kinmel · May 01, 2011, 14:50:10

Quote from: pctech on May 01, 2011, 09:37:15
Valve have done pretty well with Steam.

Except that every useful game protected using Steam has been cracked to run without ever connecting to the Steam website !

You can even play cracked copies before the release date when Steam refuses to allow a connection.

Technical Ben · May 01, 2011, 15:35:35

Quote from: Gary on May 01, 2011, 10:14:31
Apart from the horrendous PSN disaster (looks like bits will be back up soon with an update) the 3.60 firmware stopped the hacking of the PS3 again so its back to the drawing board, I can see why some people don't like to be told what they cant do with their hardware, but for most of us we just use it as intended. For the small number of PS3 owners who want homebrew gaming Sony could have just banned the consoles as Microsoft did, but the trouble was taking away running another OS on the Old PS3, oddly though that was never a really enjoyable experience and when it came out most people never used it, so a minority of very intelligent users of a less than wonderful OS experience that gave them the ability to hack a device mess up what was a pretty reasonable experience for the mainstream user. Wonderful...

I think you will find the "hacking a PS3" incident and "hacking the entire SONY credit card server" are two distinct things.
The difference between recording off the radio, and smashing in the windows to HMV for a grab and run!
Or fitting your own HDD in a Mac compared to robbing the Apple store at gun point.

Gary · May 01, 2011, 19:26:50

Quote from: Technical Ben on May 01, 2011, 15:35:35
I think you will find the "hacking a PS3" incident and "hacking the entire SONY credit card server" are two distinct things.
The difference between recording off the radio, and smashing in the windows to HMV for a grab and run!
Or fitting your own HDD in a Mac compared to robbing the Apple store at gun point.

Some have said its possible there was a backlash in the hacking community, what I was saying is hacking the PS3 console was stopped in its tracks by the 3.60 update which probably annoyed the home console hackers even more because all the work geohots did was then useless, so groups like anonymous get on their invisible horses and deny doing anything they may or may have not done because they are legion and all invisible and all powerful

and attack the sony PSN servers possibly, who knows who did it but it seems to be probably linked to the hate Sony bandwagon, and thought they would teach them a very expensive lesson. There is no direct proof credit card numbers are being sold, only rumours which also said they offered to sell them back to Sony who stil say there is no proof that they were taken, who do you believe? I think this was more to hurt Sony's reputation globally than to just steal credit cards as people will just change their cards quickly, but who knows, they did get passwords but so far no one has said other accounts have been hacked by people that use the same passwords, also some people have said their card has shown fraud, statistically out of 77 million people with maybe 2 million card details kept on servers that is likely to happen anyway which still does not prove or disprove that the card numbers were ever stolen..

Technical Ben · May 01, 2011, 23:46:30

I would go with the simplest result really. The PS3 hacks, although done for "innocent*" purposes, opened up a risk to the PSN network. This opened up a risk to the users details.
So bad result, but probably by different people. Same with Annon or the likes. If half of them are PS3 owners, would they really kill the console? Would they steal their own data?
Or is it more likely, the same people who go out with phishing emails, credit card scams, and general ID theft are behind it?
I could understand one lone hacker too, if sony sent him an injunction, retaliating en mass.

It could just have likely been a cleaner in the server farm, waling up to the rack door with a crow bar, and taking a HDD while no one was around. Then would people be blaming "pirates"?
The pirates usually criminals, and have stolen something. But would you expect the kid who takes an apple off a tree to be the first person to be questioned when there is a bank robbery?

_{*I don't think it's innocent. Just as said, a minor offence lending out a computer game, or taping off the radio.}

Gary · May 01, 2011, 23:58:02

with the mindset of anonymous who knows, but using the hacks as cover to steal from the network would also be plausible, its hard to say but a faction of anon were threatening Sony Execs and and their children by getting lists of where they lived which is pretty nasty... that does not make sense either just over geohot,. Cutting off your account to prove a point is not beyond the realms of imagination with that lot, after all Sony will put it all back together but a point would have been made...all conjecture of course but they are very motivated and did promise to give Sony their undivided attention and I quote 'the biggest attack you have ever witnessed' in a message released on the 14th of April. As you said it could have been anybody but maybe cyber terosm is a thing that big company's should be more careful about, have you read anons blog pages? Interesting stuff if a bit self righteous. Wiki have some reading on them http://en.wikipedia.org/wiki/Anonymous_%28group%29

The Encyclopaedia Dramatica are less kind

http://encyclopediadramatica.ch/Anonymous

Technical Ben · May 03, 2011, 08:50:50

This news post suggests even more that the risk and hack was down to plain old thieves, and not PS3 hacking kids.
http://www.wired.com/gamelife/2011/05/sony-online-entertainment-hack/

So that's an entirely separate part of Sony getting stung for credit card details.

Gary · May 03, 2011, 09:36:01

Quote from: Technical Ben on May 03, 2011, 08:50:50
This news post suggests even more that the risk and hack was down to plain old thieves, and not PS3 hacking kids.
http://www.wired.com/gamelife/2011/05/sony-online-entertainment-hack/

So that's an entirely separate part of Sony getting stung for credit card details.

I saw that the SOE part was now hacked, what a bladdy mess tbh. I have thoiught maybe I should just sell it all and get an XBox but who is to say that wont happen to them, I guess at least Sony will be more secure now than most.

Technical Ben · May 04, 2011, 09:39:56

I'd agree with you, and keep the air of caution. Keep all the extra security options. (For example, Steam now has an "IP" lock, where if you get/use a different ip, you have to get a proper activation to be able to buy/change anything)

If it appears to be endemic to sony, then it might be an idea to get out or just plain avoid giving out your credit card.
Remember, Xbox, has gamer cards. So if you use a gamer card, Microsoft never see your CC details. However, every shop you go to to buy a card, or site you use for points, could also loose your details.

Gary · May 04, 2011, 21:00:45

Son now saying the found a message from anon on their servers after the attack, whether its genuine though...if it is they are a group to really worry about. http://www.theregister.co.uk/2011/05/04/sony_implicates_anonymous/

Technical Ben · May 04, 2011, 22:58:34

Either way I don't really care who did it any more. It's wrong.
didn't think they would be that childish.

Guess I might use it as an excuse from now on though. "Anon" did it.