Related Links

Related Stories

  • Sony data breach lawsuit largely dismissed
    A class-action suit against Sony over a PlayStation Network data breach in April of 2011 has been largely dismissed, after months of consumer backlash and high-profile recriminations against the company.
  • Sony hacked by NullCrew; Anonymous attacks MI5 and MI6
    NullCrew, a new hacking group that has been particularly active over the last couple of months, has hacked Sony mobile websites – adding to its rapidly growing list of victims (Cambridge University, Yale University, Cambodia Army, PMT Air and many more).
  • LulzSec Sony Pictures hackers were school chums
    The two hackers from the nefarious cybercriminal group LulzSec arrested in conjunction with the Sony Pictures data breach have turned out to be college friends, sharing a history of cyber-research and seemingly well-meaning training in the arts of security intrusion and detection.
  • Second LulzSec member arrested over Sony hacks
    Raynaldo Rivera (aged 20), aka neuron, royal and wildicv, has been taken into custody following his indictment last week charging him with conspiracy and unauthorized impairment of a protected computer; that is, last year’s Sony hacks.
  • Hackers hijack Jacko's music from Sony
    Around the same time that personal information on 100 million Sony customers was being exposed, hackers broke into Sony’s network and stole around $250 million worth of music, including Michael Jackson's entire back catalogue.

Top 5 Stories


Sony PS3 hacked again

24 October 2012

Sony’s policy of maintaining control over what software can run on its PS3 console has been undermined – some suggest permanently – by the release of the PS3 LVO decryption keys.

The PS3 has been hacked before, notably by a hacking group called fail0verflow which discovered the ECDSA cryptographic key used by the console to authorize high-level operations. This allowed users to run any code, rather than just Sony-allowed code. Sony responded with the release of the 3.60 firmware, which plugged most known security holes. Only users willing or able to run older firmware and forgo access to the Playstation Network could continue to run their own software.

Now, a group called the Three Muskateers has leaked the LVO decryption keys. According to Eurogamer, “the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever.” This doesn’t necessarily mean game permanently over for Sony’s software control of the PS3, Nate Lawson of Root Labs told Ars Technica; but it certainly makes it more difficult. “They're going to have to depend on obfuscation as their primary security measure to keep people from decrypting their updates,” he said. “It’s a cat-and-mouse game that's now more closely in the favor of the attackers. But Sony has plenty of things they can still do. It's just another link in the chain.”

The Three Muskateers apparently found the keys some time ago, but had not made them publicly available. In doing so now in a rather cryptic message on Pastie, they express disappointment in certain people and say that “only the fear of our work being used by others to make money out of it has forced us to release this now.” The clear implication or claim is that the keys have been stolen or leaked from them by the ‘certain people’, and that others are now trying to profit from the knowledge.

Although the Three Muskateers say nothing further, Eurogamer has no doubts. “The information leaked,” it reports, “and ended up being the means by which a new Chinese hacking outfit - dubbed "BlueDiskCFW" planned to charge for and release new custom firmware updates. To stop these people profiteering from their work, the "Muskateers" released the LV0 key and within 24 hours, a free CFW update was released.”

This article is featured in:
Encryption  •  Internet and Network Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×