From Ben Kuchera at ArsTechnica:
This shouldn't have been possible. In fact, cracking the PS3's encryption could only have occurred on a time scale of billions of years if Sony's coders hadn't shat the bed when they wrote the signing software. Sony's box was the most secure console, but the use of a constant rather than a random number in its encryption process may have made it the most vulnerable platform on the market. No modchip is required, just a simple firmware update (and possibly, a permanent disconnect from the PlayStation Network).
Sony has applied for an injunction against Hotz and F0 in federal court, saying:
The PlayStation 3 is a compromised system. Its master key is all over the Internet, custom firmware allowing third-party software to run on the hardware is a click away, and Sony is furiously trying to stop this information from spreading. The company asked the courts for a temporary restraining order keeping those responsible from any further sharing of the keys or information about cracking the PS3, and is suing for damages.George Hotz and a group calling itself "Fail 0verflow" were able to exploit a cryptographic error to obtain the PS3's private "master key." Hotz (not F0) has released the key, so a simple firmware hack -- by now widely available -- will allow users to bypass digital signature authentication and install any compatible software on the system. Such software will inevitably include pirated games.
This shouldn't have been possible. In fact, cracking the PS3's encryption could only have occurred on a time scale of billions of years if Sony's coders hadn't shat the bed when they wrote the signing software. Sony's box was the most secure console, but the use of a constant rather than a random number in its encryption process may have made it the most vulnerable platform on the market. No modchip is required, just a simple firmware update (and possibly, a permanent disconnect from the PlayStation Network).
Sony has applied for an injunction against Hotz and F0 in federal court, saying:
"The lack of injunctive relief will ... result in the loss of goodwill to licensees, encourage infringers to increase operations, and discourage anti-piracy enforcement which is great and irreparable harm[.]"They're half-right. PS3 games are going to be pirated to hell and back, and there will be no security incentives for anyone to develop a PS3 exclusive. No amount of legal wrangling, however, is going to stop people from either downloading the hacked firmware or using the same method to root the system. It's over: the last secure platform has been cracked wide open, and there's no way to close it. All that's left for Sony is to sue the hackers into poverty, hoping that it will deter others from hacking the PS4.
No comments:
Post a Comment