Warning: jailbreaking PS3s is a security risk

18 February 2011

A PS3 hacker has made some as yet unverified claims that Sony is spying on PS3 users. Apparently they can check all sorts of information about device usage, including USB attachments and even what kind of TV you are using. Worse still, is the allegation that Sony is storing credit card information online as an unencrypted text file.

There are even claims that Sony is monitoring PS3s that haven’t signed into PSN, but are connected to the internet. Apparently a number of users with hacked firmware are receiving e-mails from the Sony legal department even though they aren’t logged into PSN, prompting fears that Sony is watching us…

Now of course all of this is unsubstantiated rumour. The real bit of information to take away is this fairly obvious warning: custom firmware (CFW) could pose a security risk.

Downloading and installing CFW packages might enable all sorts of wonderful Linux possibilities, or piracy if you are that way inclined. Hypothetically, if one is foolish enough to install a dodgy CFW and then log into PSN and make a purchase, the sneaky hacker who released the firmware could intercept and steal credit card information.

The hacking community explains that since connections to PSN are SSL encrypted, the CFW could contain a fake SSL certificate. This fake certificate would redirect traffic headed to PSN to a hacker’s secret hideout under a volcano, whereupon they can decrypt and steal credit card information and other personal information. The hacker then re-encrypts the data and sends it on to PSN, with parties on either end unaware of the nefarious deed.

This isn’t entirely in the realm of tinfoil hat wearing conspiracy theory, as similar middle-man data thieving schemes have been used to good effect on compromised PCs. Similar to CFW hack jobs, these spoof SSL certificates can be included in pirated versions of operating systems, most notably Windows.

Legitimate PSN users have nothing to fear, as it is well within Sony’s interest to ensure credit card transactions remain as secure as possible and private data is protected. Only those brave/stupid enough to install dodgy CFW are at risk – and some might suggest those of the Jolly Roger persuasion deserve it if they fall victim.

Would you install CFW on your PS3? << Share your thoughts on the MyGaming forum.

Source: Ars Technica

You have read 1 out of 5 free articles. Log in or register for unlimited access.

Read now

The best gaming website in South Africa
MyGaming proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website, www.presscouncil.org.za or email the complaint to [email protected] Contact the Press Council on 011 4843612.