Sony sues PlayStation 3 'hackers'

No dongle, no problem


Updated Sony has set the lawyers on hackers who figured out a way to run unsigned code on PlayStation 3 consoles without the use of a dongle.

The hack, made possible by the discovery of the private key Sony used to sign its software, was demonstrated by a group called fail0verflow at the Chaos Communication Congress in Berlin late last month.

Sloppy cryptography by Sony meant anyone might be able to bypass copyright controls and sign their own code so that it ran on the console.

fail0verflow only published a video demonstration. It withheld the details of Sony's encryption key. The group has issued a statement explaining that it was motivated solely by the desire to restore the ability to run Linux or other alternative operating systems on the console. It condemned video game piracy.

Another hacker, George Hotz (AKA geohot), released modified firmware based on Sony's formerly secret key, allowing enthusiasts to run home-brewed software on the console. Hotz, the first hacker to successfully jailbreak the iPhone, pulled off the hack using a combination of hardware and software hacks, as explained in our earlier story here.

Although the initial application of the hack was to allow enthusiasts to run Linux on consoles, the same technique might also be applied to allow pirated games to run on the console, hence Sony's decision to call in its lawyers. Sony accuses both fail0verflow and geohot of copyright infringement and computer fraud.

The consumer electronics giant is seeking a restraining order against the publication of the code, which it claims has already facilitated copyright control circumvention and piracy.

Hotz1, 21, told the BBC that Sony's legal offensive was on a hiding to nothing. "I have spoken with legal counsel and I feel comfortable that Sony's action against me doesn't have any basis," he said.

fail0verflow's website has been stripped down overnight to feature only a brief message saying "Sony sued us" alongside a statement explaining its position.

"We have never condoned, supported, approved of or encouraged videogame piracy," it said. "We have not published any encryption or signing keys. We have not published any Sony code, or code derived from Sony's code."

The group also published court documents filed against it by Sony.

Hotz likewise published Sony's lawsuit on his site, which appears to be struggling to cope with interest and has become very slow to load.

As well filing the lawsuit, Sony may attempt to reestablish control of the situation by updating PS3 console software over the net.

GFI Security researcher Chris Boyd. an experienced gamer, said that simply pushing an update would not resolve the underlying problem, although it might treat its symptoms.

"Updating could be a nightmare - in theory, they could blacklist anything using current keys and whitelist all executable content with new keys but there's no guarantee the same thing won't happen again."

The PlayStation 3 is the last video game console to be hacked. Sony can take some comfort from this point, as well as noting that previous hacks against other consoles have not added up to an increase in video-game piracy, Boyd added.

"As far as piracy goes, Sony could ask game developers not to compress data on the blu-rays, which could deter pirates who don't want to download 50GB files every time they want to grab a game. Whilst I think current generation consoles are nearing their natural lifespan anyway, Sony will be encouraged by the fact that other consoles were hacked much earlier and still enjoy very healthy sales all round." ®

1Hotz (geohot) is not a member of Fail0verflow, as incorrectly reported in the initial version of this story.

Similar topics


Other stories you might like

  • Red Hat Kubernetes security report finds people are the problem
    Puny human brains baffled by K8s complexity, leading to blunder fears

    Kubernetes, despite being widely regarded as an important technology by IT leaders, continues to pose problems for those deploying it. And the problem, apparently, is us.

    The open source container orchestration software, being used or evaluated by 96 per cent of organizations surveyed [PDF] last year by the Cloud Native Computing Foundation, has a reputation for complexity.

    Witness the sarcasm: "Kubernetes is so easy to use that a company devoted solely to troubleshooting issues with it has raised $67 million," quipped Corey Quinn, chief cloud economist at IT consultancy The Duckbill Group, in a Twitter post on Monday referencing investment in a startup called Komodor. And the consequences of the software's complication can be seen in the difficulties reported by those using it.

    Continue reading
  • Infosys skips government meeting - and collecting government taxes
    Tax portal wobbles, again

    Services giant Infosys has had a difficult week, with one of its flagship projects wobbling and India's government continuing to pressure it over labor practices.

    The wobbly projext is India's portal for filing Goods and Services Tax returns. According to India’s Central Board of Indirect Taxes and Customs (CBIC), the IT services giant reported a “technical glitch” that meant auto-populated forms weren't ready for taxpayers. The company was directed to fix it and CBIC was faced with extending due dates for tax payments.

    Continue reading
  • Google keeps legacy G Suite alive and free for personal use
    Phew!

    Google has quietly dropped its demand that users of its free G Suite legacy edition cough up to continue enjoying custom email domains and cloudy productivity tools.

    This story starts in 2006 with the launch of “Google Apps for Your Domain”, a bundle of services that included email, a calendar, Google Talk, and a website building tool. Beta users were offered the service at no cost, complete with the ability to use a custom domain if users let Google handle their MX record.

    The service evolved over the years and added more services, and in 2020 Google rebranded its online productivity offering as “Workspace”. Beta users got most of the updated offerings at no cost.

    Continue reading

Biting the hand that feeds IT © 1998–2022