
February 17, 2011 // 2:46 pm - Yesterday Sony addressed PS3 circumvention devices, piracy and PSN bans and today PS3 hackers SKFU among others via ArsTechnica have reported on potential security risks for PlayStation Network users.

To quote: While I read about the big ban tsunami and interesting papers like PSN.PDF (Mirror), I went through a funny theory. I won't publish any details, though:

1) The bans are based on the users' account and console ID's.

2) We can modify all traffic sent and received by the PlayStation 3

What if some skiddies start to modify their sent traffic to appear as another user and use backups?

The PSN servers would recognize the TOS violation and check the online user database for known connections based on the ID's. The user who really owns the ID's, and his consoles, would be banned.

Even a simple Windows application which goes through ALL ID's may be possible. 24 hours and any console worldwide would be banned. This should definitely be double-checked by SONY.

From Ars (linked above) to quote: "A document written by the hackers has clarified what they did and what privacy and security risks they believe the PlayStation 3 poses. The PS3's connection to PSN is protected by SSL. As is common to SSL implementations, the identity of the remote server is verified using a list of certificates stored on each PS3. The credit card and other information is sent over this SSL connection. So far so good; this is all safe, and your web browser depends on the same mechanisms for online purchases.

The concern raised by the hackers is that custom firmwares could subvert this system. A custom firmware can include custom certificates in its trusted list. It can also use custom DNS servers. This raises the prospect of a malicious entity operating his own proxies to snaffle sensitive data. He would distribute a custom firmware that had a certificate corresponding to his proxy, and that used a DNS server that directed PSN connections to the proxy. His proxy would decrypt the data sent to it, and then re-encrypt it and forward it to the real PSN servers.

Such a scheme would be transparent to PSN users (except for any potential performance reduction caused by the proxying), and would give the attacker access to all the information that the PS3 sends to Sony. This information is shown to be extensive, but apart from the credit card data, probably not too sensitive or unreasonable.

As flaws go, the risks here are not substantial. There is no generalized ability for hackers to grab credit cards from PSN users; only those using specially devised custom firmwares would be at risk. Essentially the same risk could be faced by anyone downloading a pirated version of Windows: extra certificates could be added to those normally trusted, along with suitable DNS entries, to allow interception of any traffic destined for, say, In practice, the risk of either of these is slight, and in any case, trivially avoided: don't use custom firmware.

The original story is below, but note that the claims originally made by the hacker quoted in the article are unsubstantiated.

Sony has officially stated that anyone using hacked firmware or any sort of circumvention technology will have their console banned for life from the PlayStation Network, but how does the company know when such a console logs in? One person claims to have broken into the PlayStation Network, and what he has found is rather shocking. If his findings are accurate, your credit card information is being sent to Sony as an unencrypted text file, and Sony is watching every single thing you do with your system, keeping detailed records all the while.

"Sony is the biggest spy ever... they collect so much data. All connected devices return values sent to Sony's servers," the hacker said. He claims that Sony knows what controllers you're using, what USB devices are plugged in, what sort of television you're using–everything. Here's another section of the chat log:

• user2: another funny function i found is regarding psn downloads
• user2: its when a pkg game is requested from the store
• user2: in the url itself you can define if you get the game free or not. requires some modification in hashes and so on tho
• user3: ..
• user2: is like
• user8:
• user3: my god
• user2: drm: off

That's not all: your credit card information is apparently being sent as an unencrypted text file. This is how the code is being sent to Sony:

example street%2024%20&

This information is allegedly being stored online and is updated every time you turn on your system. We've been receiving reports from various sources that e-mails are being sent to those with hacked firmware even before they log back into the PlayStation Network, which is even more evidence that Sony is grabbing information from your system just from being connected to your wireless network.

The ability to enable free downloads is likewise unsurprising, as there may be a way for some users, such as press and developers, to access the PlayStation Network without needing to pay for content.

While other console manufacturers may keep free, pre-review content in a separate, closed-off network, it's possible Sony keeps everything in one place, and controls who pays and who doesn't via a simple toggle. That would be unsafe from a security standpoint, but when has that stopped anyone from stupid mistakes in the past?

It's also very possible this is all fake, but much of what the unnamed hacker is saying links up with what we know from other sources about the behavior of the PlayStation Network. It's worth treating this as a very real threat: use PSN cards instead of credit cards on the PlayStation Network, and make sure you don't share any passwords or login information between your PSN account and other accounts.

We've contacted Sony for comment, but have not received a reply at time of publication. The hackers joked that the next update will remove the PlayStation Network, just as Sony removed the Other OS feature when it became compromised."

Finally, Computermaster has tweeted the full log HERE for those interested.
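The interception described in the Ars passage above depends on two local changes: an extra certificate in the trusted list and a DNS server that redirects connections. The following added example (not code from the article, the hackers' document or Sony) shows how a defender can detect both by diffing a trust bundle and resolver list against a known-good baseline; the byte strings, resolver addresses and function names are constructed placeholders.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def to_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used to build the constructed sample)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

def fingerprints(bundle_pem: str) -> set:
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    fps = set()
    for body in PEM_RE.findall(bundle_pem):
        der = base64.b64decode("".join(body.split()))
        fps.add(hashlib.sha256(der).hexdigest())
    return fps

def audit(bundle_pem: str, baseline: set, resolvers: list, allowed_dns: set) -> dict:
    """Compare a trust bundle and resolver list against a known-good baseline."""
    found = fingerprints(bundle_pem)
    return {
        # Roots present locally but absent from the vendor baseline: the
        # change that would let an interposed proxy pass certificate checks.
        "added_roots": sorted(found - baseline),
        "missing_roots": sorted(baseline - found),
        # Resolvers outside the expected set: the redirection half.
        "unexpected_dns": [r for r in resolvers if r not in allowed_dns],
    }

# Constructed sample data: placeholder bytes stand in for DER certificates,
# and the addresses come from documentation-only ranges.
VENDOR_ROOTS = [b"constructed-vendor-root-A", b"constructed-vendor-root-B"]
ROGUE_ROOT = b"constructed-proxy-root"
BASELINE = {hashlib.sha256(d).hexdigest() for d in VENDOR_ROOTS}
ALLOWED_DNS = {"192.0.2.53"}

def demo() -> dict:
    """Audit a bundle that carries one extra root and one extra resolver."""
    modified = "".join(to_pem(d) for d in VENDOR_ROOTS + [ROGUE_ROOT])
    return audit(modified, BASELINE, ["192.0.2.53", "198.51.100.7"], ALLOWED_DNS)

if __name__ == "__main__":
    print(demo())
```

The baseline has to come from a source the modified system cannot alter, such as the vendor's published bundle fetched on a separate machine.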

PS3 Hackers Address Potential PSN Security Issues and Bans


#21 - crazelunatic - February 17, 2011 // 11:50 pm
so i guess if i use a 3rd party peripheral such as a led light gun designed for ps2 light gun games, sony can mistake it for a jb chipset?

#20 - NoZart - February 17, 2011 // 11:48 pm
The hacker proposed some very intelligent thing: Going through all IDs possible and get everyone banned.

This is really sinister, but could actually work. If too many false positives get banned, Sony MUST deactivate the banning mechanism to protect the legit users. Sony then needs to come up with a different method, most likely weekly updates with rotating encryption.

But the one who dares doing that risks serious damage to his life. And i am not talking geohot getting sued damage, i mean getting your rear pounded in jail damage.

#19 - barrybarryk - February 17, 2011 // 11:32 pm
First of all, yes it does log the unique device descriptors every USB device has (used to identify a product for drivers in a PC). Use Charles and have a poke yourself. Your TV can and does identify itself via HDMI (only HDMI though); that's how the PS3 knows its capabilities (vRes and audio types). Again, watch your packet flow and try it for yourself.

#18 - Xplic1T - February 17, 2011 // 11:31 pm
this is true..

#17 - docster - February 17, 2011 // 11:30 pm
Not true, HDMI has a built-in ability to communicate with other equipment. Each manufacturer has their own name for the technology; Sony calls it BRAVIA. The BRAVIA Sync function allows devices to communicate with other Sony equipment supporting the Control for HDMI function.

It only stands to reason that if the two devices can interact then the TV and PS3 can identify each other for compatibility.

#16 - NoZart - February 17, 2011 // 11:25 pm
Untrue for HDMI. EDID info includes maker, model, and supported resolutions, colour bandwidth and so on.

You can easily test this: hook your TV to your PC via an HDMI to DVI cable, and Windows displays the make, model and resolutions for the TV.

#15 - pjmiller435 - February 17, 2011 // 11:22 pm
that's insane, the tidbit about credit card information.

#14 - crazelunatic - February 17, 2011 // 11:20 pm
what's funny about this is that if a security threat like that existed then legit users might as well throw their ps3s out the window LMAO ROFL

#13 - Pretikewl - February 17, 2011 // 11:10 pm
A lot of this does sound "scary", but the reality is, it comes down to using trusted sources if you're going to hack.

Could it be done? Sure. However, if you're going to go through the trouble of using CFW or any other type of hack, you should do your homework and research it before installing.

If you go blindly using any program/tool that's put out on the web without checking it out first, you deserve what you get. This is true for any software.

#12 - Xplic1T - February 17, 2011 // 11:07 pm
Damn son... I bet Sony will be pissed if that's legit.