Newest PS3 firmware hacked in less than 24 hours

All Sony's horses and all Sony's men...


Hackers say they unlocked the latest firmware for the PlayStation 3 game console, less than 24 hours after Sony released it in a desperate attempt to stuff the jailbreaking genie back in the bottle.

Sony announced the release of Version 3.56 on Wednesday. That same day, game console hacker Youness Alaoui, aka KaKaRoToKS, tweeted that he had released the tools to unpack the files, allowing him to uncover the new version's signing keys.

The hack is the latest volley in Sony's never-ending campaign to lock down the PS3 so only authorized (read: sponsored) games and software run on the console. In the crosshairs are some of the PS3's most enthusiastic users, who want to dissolve the artificial shackles so they can run homebrewed software and other customized software on the hardware they legally own.

The hack underscores the futility of Sony's legal maneuvers. It came 24 hours before a federal judge ordered the seizure of computers belonging to George Hotz, one of the hackers who unlocked Version 3.55 and published the key used to sign authorized games. In other words, before the draconian temporary restraining order even went into effect, the PS3 baton had already been passed to another hacker, who was under no such restrictions.

One can imagine this pattern playing out indefinitely.

So far, Alaoui has released only the signing keys for 3.56, which have since been removed from GitHub.com following copyright take-down demands. Determined gamers can still find the data on underground sites, including Gitorious.org. It's now a matter of someone using the key to create a customized version of the firmware and releasing it. That hasn't happened yet, although there are reports of several hoaxes offering fakes.

According to unconfirmed reports, Version 3.56 contains hidden functionality that allows Sony to scan PS3 consoles for custom firmware and other unauthorized software and report the results back to the company. Sony reportedly can modify the scanner anytime it wants to, without having to update the firmware. Microsoft is said to have put similar features in its Xbox 360 so it can ban modded consoles from its gaming network.

Version 3.56 also introduces a significantly re-engineered private encryption key that makes it next to impossible to roll back the update. PS3 users with older firmware are required to update if they want to continue using the PlayStation Network. ®


Biting the hand that feeds IT © 1998–2022