Sony's PS3 Security is Epic Fail
This morning was the big unveil at the Chaos Communication Congress in Berlin, and it did not disappoint. Here is a brief synopsis for those that missed it.
The first few minutes of the conference were spent explaining the state of security on other consoles (Wii, 360, etc). Following this, the group went on to explain the current state of affairs on the PS3. First, explaining Geohot's memory line glitching exploit from earlier this year. The team then went on to explain the current PS3 security bypasses, such as jailbreaking and service mode/downgrading.
Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs Following this, the team declared Sony's security to be EPIC FAIL!
The recent advent of these new exploits means current firmware is vulnerable, v3.55 and possibly beyond. It will be very difficult for Sony to fix the described exploits.
The team then displayed the website http://fail0verflow.com/
were we assume will host examples of the new exploits and further details. They stated that easy to use tools would be coming next month.
Stay tuned to this article and PSGroove.com we will be updating it as more info is availble. Also for those that missed the stream we will be posting links for you to download the entire stream.
# our goal is to have linux running on all existing PS3 consoles, whatever their firmware versions. less than 20 seconds ago via web in reply to KushanTheCat
# Our current PS3 goal: AsbestOS.pup 2 minutes ago via web
# For all those out there that think fail0verflow.com has been hacked - it hasn't. We're just busy working on a demo for tomorrow. Patience! 3 minutes ago via web