Post by dlevere on Oct 28, 2012 11:00:07 GMT -4
'Network still secure' despite firmware hack and decryption key leak – security expert
By John Leyden
The appearance of a Sony PlayStation 3 firmware hack will only affect hardware modders, according to a gaming security expert.
Chinese hacker group BlueDisk-CFW has published a tool that circumvents the console's firmware. This was followed by the release of "LV0 decryption key." The decryption keys allow PS3 firmware packages to be unscrambled on a PC, then re-encrypted with existing firmware 3.55 keys so that they can be run on hacked consoles, as previously reported.
BlueDisk-CFW originally intended to charge for their tool but the release of the decryption key by a separate group called the The Three Musketeers spoiled that plan.
Anyone with a bit of technical skill can get around the restrictions themselves.
Chris Boyd (AKA PaperGhost), senior threat researcher at GFI Software, and an expert in gaming security, said both incidents make little different to regular gamers.
"The only real benefit to this is for those already running custom firmware on hacked machines, who are now able to update their PS3 and go online. While they may be able to play games online until Sony changes the PSN pass-phrase, it's unlikely to cause a wave of in-game cheating and modding."
Boyd added that the firmware hack has no bearing on the security of the PlayStation Network itself.
"The PlayStation Network itself is still secure and users shouldn't panic. I've already seen one person say they cancelled their credit card as a result of thinking the PSN had been compromised (it hasn't). With the PS4 on the horizon, this may prompt SONY to speed up work on the upcoming console."
The arrival of the firmware hack coincides with a ruling by a US judge that the notorious Sony PlayStation Network hack of May 2011, which left millions unable to play online games for weeks, provides insufficient grounds for a class action lawsuit.
By John Leyden
The appearance of a Sony PlayStation 3 firmware hack will only affect hardware modders, according to a gaming security expert.
Chinese hacker group BlueDisk-CFW has published a tool that circumvents the console's firmware. This was followed by the release of "LV0 decryption key." The decryption keys allow PS3 firmware packages to be unscrambled on a PC, then re-encrypted with existing firmware 3.55 keys so that they can be run on hacked consoles, as previously reported.
BlueDisk-CFW originally intended to charge for their tool but the release of the decryption key by a separate group called the The Three Musketeers spoiled that plan.
Anyone with a bit of technical skill can get around the restrictions themselves.
Chris Boyd (AKA PaperGhost), senior threat researcher at GFI Software, and an expert in gaming security, said both incidents make little different to regular gamers.
"The only real benefit to this is for those already running custom firmware on hacked machines, who are now able to update their PS3 and go online. While they may be able to play games online until Sony changes the PSN pass-phrase, it's unlikely to cause a wave of in-game cheating and modding."
Boyd added that the firmware hack has no bearing on the security of the PlayStation Network itself.
"The PlayStation Network itself is still secure and users shouldn't panic. I've already seen one person say they cancelled their credit card as a result of thinking the PSN had been compromised (it hasn't). With the PS4 on the horizon, this may prompt SONY to speed up work on the upcoming console."
The arrival of the firmware hack coincides with a ruling by a US judge that the notorious Sony PlayStation Network hack of May 2011, which left millions unable to play online games for weeks, provides insufficient grounds for a class action lawsuit.