Sony PS3 “Rootkit” Rumours are Rubbish!!!!!!! [/FACEPALM]

[zylor]

Suggestions that Sony has added a rootkit with the latest firmware update to its PS3 console have been denounced as bunkum by a leading gaming security expert.

Rumours began flying on the interwebs earlier this week that the official 3.56 firmware upgrade for Sony's consoles gave the consumer electronics giant the ability to execute code on the PS3 as soon as a user goes online.

Sony can use the technology to verify system files or to look for home-brewed games, it was suggested. More sinister still, it was warned, the code can be updated without further firmware updates.

The more excitable elements of the gamer community as well as tech blogs and gaming sites cried foul over the move, with many describing it as the introduction of hidden "rootkit-style" functionality.

But Chris Boyd, a security researcher at GFI Security who has studied the security of online games for several years, points out the development is not new since Sony wrote the ability for it to do remote updates into its terms and conditions since at least 2006.

"It's been known for a while that a networked PS3 will contact Sony servers at start up (whether it has an active PlayStation network account on it or not), which performs various tasks related to error logs, updates and other activities," Boyd (aka Paperghost) told El Reg.

Anyone using a PS3 agrees in the terms of service to allow their console to perform these tasks.

Mark Russinovich found a rootkit in Sony CDs back in 2005, provoking a huge privacy outcry. This has led some enthusiasts and bloggers to suggest that history is repeating itself with the PS3 firmware upgrade.

The PS3 firmware upgrade is nothing like as malign, argues Boyd, who has spoken on X-Box and online gaming security at several security conferences. "Comparing a last ditch attempt at blocking hacks and custom firmware to the truly dreadful CD rootkit is mind boggling."

Sony bundled ill-conceived copy-protection on its music CDs that meant a rootkit was installed if they were played on Windows PCs. This created a vulnerability on affected machines later latched onto by malware writers. Sony withdrew the technology following an outcry.

Comparing this to the PS3 firmware update misunderstands what has actually been done or the practical risks of the move, according to Boyd.

"This is only really a concern if you're interested in modding - otherwise I'm not convinced there's a 'threat' as such," Boyd told El Reg. "I'm still waiting for someone to explain how this 'PS3 rootkit' could be used to run unsigned malicious code on a non-jailbroken box," he added.

Sony recently earned the enmity of the gamer and security communities by suing hackers who figured out a way to run unsigned code on PlayStation 3 consoles without the use of a dongle. The blogiverse has been inclined to ascribe the worst possible motives to anything Sony has done with a console since, regardless of whether it's actually new or how what it's doing sits against other potential threats.

Boyd, who has been vocal in criticising the lawsuits against the PS3 hackers such as geohot, nonetheless argues that gamers need to get a grip. "People will happily download homebrew from Basement Bob which could steal logins/credit card details, but code from the console maker is evil?" ®

Source: Sony PS3 rootkit rumours rubbished ? The Register

[Ben Jeremy]

He's talking about the potential for EXTERNAL threats on people's unmodded consoles. The context is Sony's CD rootkit exposed people's computers to malware threats because it hid folders and execution, creating a HUGE security hole. He wasn't talking about what Sony might do with that back door.

He even states that the only threat is to modded consoles from Sony.


...that said, it isn't rubbish, it's the homebrew scene's worse fears. Sony has shown no impulse control when it comes to throwing out nasty surprises for modders. Witness the "Service Mode" bricks from 3.56, or the code specifically added to the firmware to prevent external flashing of older firmware after 3.21 (to keep PS3 owners from using OtherOS once they upgraded). Only a fool would think that Sony won't use this backdoor to drop in some dirty package to FUBAR a system so the only fix is to install the latest firmware.

I know people consider Microsoft the epitome of evil, but out of the console makers, they've had the most charitable view toward hackers, content with keeping them off of Live (and hiring them, in some cases). They even sent Geohot a Windows Mobile phone to hack.

[AmazingLarry]

Obviously this "security expert" is missing the point, no one ever said they were afraid of unsigned malicious code, we've all known the console communicated with sony servers.

The problem is with sony's ability to run their own signed remote code. I would seriously fire this expert for having such poor analytical skills.

The facepalm is on the OP.

[zylor]

The facepalm is on the OP.

What is a OP?

[Kamse]

Original Poster, the one whom created the thread/topic.
Anyway, this guy is right regarding the fact that the ps3 is sending infos whenever it's connected to the net.
But he's not talking about the fact that Sony could silent update our consoles while connected to the psn... which is a whole other story.
Even Mathieulh said so... and i do believe him.

[zylor]

Original Poster, the one whom created the thread/topic.
Anyway, this guy is right regarding the fact that the ps3 is sending infos whenever it's connected to the net.
But he's not talking about the fact that Sony could silent update our consoles while connected to the psn... which is a whole other story.
Even Mathieulh said so... and i do believe him.

To be honest o read what Math said after reading this... and i facepalmed myself! LOL
Anyway... since i believe in hackers more then this bullshit "experts"...
I think IMHO that this will be patched in the upcoming cfws

[Jassbag]

You can't patch code that doesn't reside into the system you own. The code is downloaded from sony everytime. Yes, you can patch to ignore it but it's useless. "PSN" waits for a verified OFW response from the code execution. That response can be changed every day

[squarepusher2]

Boyd, who has been vocal in criticising the lawsuits against the PS3 hackers such as geohot, nonetheless argues that gamers need to get a grip. "People will happily download homebrew from Basement Bob which could steal logins/credit card details, but code from the console maker is evil?"

Oh, I just love the appeal to authority here. Because we all know this company is making sweet love to everyone of us and is our big daddy figure. It would never do anything maliciously (oh no, that is unfathomable!).

Really makes you wonder what this guy's spiel here is all about.

No doubt this article made doubly sure to reinforce the perception that this was an 'independent' security expert....

Since when is The Register a venue for cheap corporate PR BTW? Is Microsoft going to masquerade Major Nelson as a 'security expert' next time it needs to do some perception management to give the C4eva's of the world a bad name?

[AngryGir]

Prop piece of paid journalistic advertising meant to explain to the masses that don't worry, Sony is just targeting the pirates. It neglects the consideration that creating a rootkit that is updatable without a check, could be used by more than just Sony. The 'expert' even addresses the possibility that homebrew could steal personal and credit info, and does not even consider the consequences from the Sony rootkit, that homebrew that could use this authorized entry into the system instead of Sony for evil purposes. We have the keys to sign it Sony code, why could an evil person not use this for evil purposes. Why does a security expert not even consider this? Probally because it is a blatent prop piece.

He also never disputes that it is there, just claims it is trival in comparision to the CD rootkit.

[AngryGir]

This thread inspired a creative answer to Sony's rootkit bs in 3.56 firmware. In my above post I commented on the fact that the expert failed to consider in the interview an obvious security concern, to show that it was likely that the interview was really just a hidden message. With the 'interview' being little more than camflauge for pro Sony propeganda. But my security concern got me thinking, why couldn't we hijack this?

In my earlier post I mentioned we have the keys to sign code as Sony's. So after some engineering couldn't we hijack the new Sony rootkey in the 3.56 firmware. Now I'm not one for viruses, infact this would be the first time I'm suggesting it, but maybe such a virus is the answer to forcing Sony's hand. Now if the rootkey presents a security vulnerability, and viruses that were signed as Sony code were released into the wild, it would create a problem. Now we could say that really sucks, and it does, but think of the silver lining as well. The article mentions that personal and credit card info were at risk with homebrew. What if homebrew that targeted just the Sony rootkey emerged. All the homebrew devs could stay silent and not fix the problem forcing Sony to respond.

Now you can say all that credit info is a huge risk, and it is, but think of all the little kids in the world running cfw on their PS3's with their parents credit card info stored on it. If this happened people would care about the rootkey risk and force Sony to withdraw it, or have every parent in the world scared to let their kid use their credit card for the PSN store.