PS3 hacked again
Custom firmware puts compromised consoles on PSN, leak of LV0 decryption keys to thwart future security measures
Sony is facing new PlayStation 3 security headaches today, as Eurogamer reports that hackers have released custom firmware that allows for compromised consoles to go on the PlayStation Network, and LV0 decryption keys that will facilitate circumvention of future security updates.
PlayStation 3 security was largely undermined in early 2011 after hacking team Fail0verflow detailed a technique to get unauthorized code running on Sony's console. At the time, the group said they attacked the console's security as a response to Sony removing the OtherOS feature that allowed installation of the Linux operating system on the PS3. Eurogamer notes that Sony's 3.60 firmware actually managed to plug many of the security holes from that event, but piracy has persisted for those willing to run older firmware and not take their systems onto PSN.
However, the newly released custom firmware contains the current PSN passphrase security protocol. And even if Sony changes that with new firmware, the release of the LV0 decryption keys means that hackers should be able to easily lay bare future security measures in system updates.
According to Eurogamer, Chinese hacking group BlueDiskCFW had planned to sell the custom firmware circumventions, which prompted another group called The Three Tuskateers to release the LV0 keys. They also released a statement claiming to have discovered the keys some time ago, adding, "only the fear of our work being used by others to make money out of it has forced us to release this now."