Posts tagged: PS3

Apr 27 2011

How the PlayStation Network was Hacked ?

PS3 HackedAfter 7 days of speculation-ridden downtime, Sony has finally announced that the PlayStation Network (PSN) outage was due to a massive hack that exposed the names, birthdays, email addresses, passwords, security questions, and maybe credit card details, of all PSN users.

At first, the most likely explanation for the PSN’s downtime was a continuation of Anonymous’s DDoS reprisal for Sony’s persecution of PlayStation 3 jailbreaker, George Hotz (geohot). Then, as the outage extended past a few days, and Sony announced that it was “rebuilding” its network due to an “external intrusion,” it became apparent that this was much more than a simple, brute force denial of service attack. Today’s announcement by Sony confirms that the PlayStation Network’s security mechanisms were fully circumvented, and that at least one of its most sensitive databases was breached and accessed sometime between April 17 and 19.

How was the PlayStation Network hacked, though? Ironically, for security reasons, and because Sony is historically very tight-lipped on such matters, we will probably never know the exact attack vector — but we can certainly make some well-educated guesses about how the PlayStation Network was hacked. First, given its proximity to Anonymous’s recent attacks, it’s likely that the database breach is somehow related. It’s safe to assume that Anonymous could have learned about a weakness in the PSN’s security mechanisms, and then passed that data on to another group of hackers — and from there, if the hole was big enough, the attackers might have been able to simply step right in with an SQL injection attack.

Moving forward, there’s no indication of when the PlayStation Network will return. Sony has warned its users to look out for mail or telephone scams, and to lodge a “fraud alert” with credit bureaus like Experian and and Equifax, which should prevent your credit card from being used by the hackers. If you’re a PlayStation Network user, check the PlayStation Blog for more information.

As we move towards a lifestyle that is dominated by cloud-based services like Gmail, Steam, Xbox Live, and Netflix, these attacks will become more and more commonplace. It’s infinitely convenient to have your data all in one place and accessible from any net-connected computer — but likewise, these services represent the juiciest imaginable hacking target. A large database of email addresses is worth millions if sold to a spam baron!

Jan 30 2010

PlayStation 3 Hacked – Exploit Released

Geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn’t accomplish.

According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3′s motherboard.

“Try this multiple times,” his instructions state. “I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited.”

While the idea is sound, this hack is clearly not for the faint of heart.

From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He’s now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.

His instructions conclude: “The PS3 is hacked, its your job to figure out something useful to do with it.”

Source: The Register