Bug found in Playstation 3

The bug is difficult to exploit, and is consequently described as 'potentially' worrying. It typically requires the target to load a doctored 'saved game' from a USB stick. "The PS3 filter system of the SpeicherDaten (DienstProgramm) module does not recognize special characters and does not provide any kind of input restrictions," reported Vulnerability Lab. "Attackers can manipulate the .sfo file of a save game to execute system specific commands or inject malicious persistent script code."

If successful, it warned, it "can result in persistent but local system command executions, PSN session hijacking, persistent phishing attacks, external redirect out of the vulnerable module, stable persistent save game preview listing context manipulation."

But Christopher Boyd, senior threat researcher with ThreatTrack Security, doesn't think PS3 gamers need worry too much. He told The Register that a successful attack would require multiple steps, each of which could cause alarm. First the attacker would need to 'resign' malicious saves and store them on a free file host (red flag 1); or post to a dedicated gaming site "which can smell a rogue a mile away" (red flag 2). Alternatively, he would need local access to the PS3 (red flag 3) in order to get a game save on USB loaded.

"One might ask,” said Boyd, "why doing all of the above to phish somebody (for example) is worth it when simply sending an in-game phish link would be simpler."

But Paco Hope, principal consultant at Cigital, has a different view. He sees it as a warning of the threats to come with the increasing use of embedded devices. Luckily, he suggests, this is a bug (in the code) rather than a flaw (in the design). "Fix that code and the problem goes away," he said. "What it highlights, though, is the impact of bugs and flaws in the embedded device industry."

Had it been a flaw, things would have been different. "Backward compatibility would need to be maintained for unpatched devices, and a gradual roll-out of a big change could require more than one firmware upgrade, so Sony is surely glad that this was a bug and not a flaw."

Bug found in Playstation 3

You may also like

Give us this day our UTM

Google Docs leaks out private data

TweetDeck Taken Offline After XSS Flaw Hits Users

Infosecurity Europe 2014 > Crime Groups Increase Hold on Cyberspace

CloudFlare Launches Bug-Hunting Program

What’s hot on Infosecurity Magazine?

Alarming Decline in Cybersecurity Job Postings in the US

CrushFTP File Transfer Vulnerability Lets Attackers Download System Files

MITRE Reveals Ivanti Breach By Nation State Actor

How to Backup and Restore Database in SQL Server

Russia's Sandworm Upgraded to APT44 by Google's Mandiant

Massive Brute-Force Attack on Alibaba Affects Millions

Cybersecurity Pros Urge US Congress to Help NIST Restore NVD Operation

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Report Suggests 93% of Breaches Lead to Downtime and Data Loss

US Government and OpenSSF Partner on New SBOM Management Tool

NIST Unveils New Consortium to Operate National Vulnerability Database

EU Elections: Pro-Russian Propaganda Exploits Meta's Failure to Moderate Political Ads

Incident Response: Four Key Cybersecurity Measures to Protect Your Business

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Disinformation Defense: Protecting Businesses from the New Wave of AI-Powered Cyber Threats

Navigating the Evolving Cybersecurity Compliance Landscape in 2024

Adapting to Tomorrow's Threat Landscape: AI's Role in Cybersecurity and Security Operations in 2024

Beyond Passwords: Securing the Digital Age with MFA, 2FA, and Passwordless Authentication

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024