Sony PS3 hacked again

24 October 2012

Sony’s policy of maintaining control over what software can run on its PS3 console has been undermined – some suggest permanently – by the release of the PS3 LV0 decryption keys.

The PS3 has been hacked before, notably by a hacking group called fail0verflow which discovered the ECDSA cryptographic key used by the console to authorize high-level operations. This allowed users to run any code, rather than just Sony-allowed code. Sony responded with the release of the 3.60 firmware, which plugged most known security holes. Only users willing or able to run older firmware and forgo access to the PlayStation Network could continue to run their own software.

Now, a group called the Three Muskateers has leaked the LV0 decryption keys. According to Eurogamer, “the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever.” This doesn’t necessarily mean it is permanently game over for Sony’s software control of the PS3, Nate Lawson of Root Labs told Ars Technica; but it certainly makes it more difficult. “They're going to have to depend on obfuscation as their primary security measure to keep people from decrypting their updates,” he said. “It’s a cat-and-mouse game that's now more closely in the favor of the attackers. But Sony has plenty of things they can still do. It's just another link in the chain.”

The Three Muskateers apparently found the keys some time ago, but had not made them publicly available. In doing so now in a rather cryptic message on Pastie, they express disappointment in certain people and say that “only the fear of our work being used by others to make money out of it has forced us to release this now.” The clear implication or claim is that the keys have been stolen or leaked from them by the ‘certain people’, and that others are now trying to profit from the knowledge.

Although the Three Muskateers say nothing further, Eurogamer has no doubts. “The information leaked,” it reports, “and ended up being the means by which a new Chinese hacking outfit - dubbed "BlueDiskCFW" planned to charge for and release new custom firmware updates. To stop these people profiteering from their work, the "Muskateers" released the LV0 key and within 24 hours, a free CFW update was released.”
