PlayStation 3 hacked, encryption keys exposed

Hacker group Fail0verflow has blown a big hole in the PlayStation 3’s security system. That is bad news for Sony, but also for the games-industry, whose wares may now be pirated. PlayStation 3 has been the most secure of the current generation consoles, the only one not being plagued by piracy in four years. So far, at least.

According to the GamesIndustry.biz newsletter, the hacker group has been able to exploit a flaw in the console’s security and forced the system to reveal the cryptography keys used to secure the PlayStation. Sony uses private key encryption, meaning that the who-ever holds the keys can run any kind of software on the console. This, of course, includes pirated games.

Last year, the PlayStation 3 was ‘jailbreaked’. However, the subsequent release of a few firmware updates had removed the threat of this hack. In doing so, Sony removed the OtherOS function, that allowed users to load another operating system, like Linux, onto the console. The jailbreak hack was thought to exploit this function. Disabling OtherOS, stated Fail0verflow, made the console a “valid target” as it hampered user freedom.

Fail0verflow, in their communication, profess not to be guided by a desire to capitalize on their achievement. Instead, they claim to merely aim to provide people with a freedom to tinker with their hardware, a need that OtherOS used to address.

In a reaction, Sony told Edge Magazine that they are looking into it and aim to correct the problem through a network update. As it entails a security matter, they refused to comment on any specifics. One of Fail0verflow’s members indicated that updates will not save Sony here. "This is as bad as it gets - someone is getting into serious trouble at Sony right now," Fail0verflow member pytey told BBC.

Even though the hackers claim to have no interest in piracy, they apparently also have no interest in thinking about the potential consequences of their actions. While Fail0verflow may not be immoral (hacking the console to seek rewards by pirating games), I certainly wouldn't call them moral. Instead of demonstrating the hack at a conference, virtually presenting the security keys to the world, they could also have contacted Sony with their finds, offering to bargain the restoration of the OtherOS function in exchange for helping Sony to remove their security flaw. In my mind, that would have been the right cause of action.