Hackers from Russia & Brazil have managed to discover a new exploit for the Sony PS4 – a couple of weeks ago, a number of electronics stores in Brazil had been advertising the means to copy and run a series of ripped retail games on the console. Not a whole lot was known about the hack back then, but information gradually began to trickle out from customers and make its way around the web, here’s a gaming insider’s report on it from yesterday.
Comments from Tripwire, STEALTHbits Technologies, Lancope on hacking Sony PS4.
Ken Westin, senior security analyst, Tripwire (www.tripwire.com):
“This reveals that the same encryption and protections that Sony has setup for game discs is not present or possible with the downloaded games that are stored on the PS4. You can bet that Sony is working on a fix for this, however in order for it to be enabled it will require a software update and it will take a while before it is fixed.”
Brett Fernicola, CISO, STEALTHbits Technologies (www.stealthbits.com):
“This is a very interesting hack that appears so far do be different from the PS3 hack that Sony squashed. The trick with the PS3 was that the actual unit itself needed a hacked firmware loaded. Then any game that was copied to disk or Blu-ray was easily playable both online and offline. If you stayed offline you could play your games forever until a new game came out that required a more recent firmware to load. In that case you needed to obtain a new hacked version of that firmware. If you connected one of these hacked PS3s to the internet Sony could easily detect you had a bogus firmware and could shut you down.
If this new hack does not require modification to the actual firmware of the PS4 then I think Sony is in for trouble. However the details of the article don’t go deep enough to really pick this apart yet. If the clean retail PS4 including its NAN/BIOS is being cloned to another clean retail PS4, one would have to assume once online Sony would be able to detect duplicated or cloned machines. However in my opinion piracy in general has little effect on the market. There will always be the people like myself willing to buy the retail version to support their favorite artists, developers, etc. The amount of time and money spent defeating the pirates would be better spent somewhere else. If you don’t believe me just look at the recent rise in vinyl record sales.”
Gavin Reid, VP of threat intelligence, Lancope (www.lancope.com):
“Vendors in this space face aggressive targeting by communities wishing to remove copy protection. The PS4 will be no different and Sony will continue to play an arms race against groups that benefit from the abilities to copy and share games. Open source groups like Homebrew with more altruistic motivations of extending the functionality of the console alongside groups selling modified consoles specifically to play copied games and of course the resell of the games themselves at fraction of the actuals costs. This has happened historically with all of the major consoles. It would be highly unlikely not to continue with the PS4.”
TK Keanini, CTO, Lancope (www.lancope.com):
“As a PS4 and Xbox gamer, I would also like to add that the integrity of the game is not only a matter of piracy but a matter of game play. Game developers must develop advanced methods of checking the integrity of the game at runtime as a certain percentage of gamers hack the game so that they can have an unfair advantage in competition. When this happens, most folks stop playing the game and the community moves to another game. Gamers don’t mind losing as long as they have lost in fairness. These cheats sometimes allow competitors to hide in walls or aimbots giving them 100% accuracy. No one likes cheaters.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.