Sony has suffered a major hack yet again, and this time it’s the biggest ever. Per reports, a new set of hackers have compromised the tough security wall of PlayStation 3's software security, guaranteeing that those who use custom firmware can run other software and pirated games from now on.
The new group, known as "The Three Musketeers," released a covert set of LV0 codes on Monday that can decrypt the PlayStation 3's Level 0 (LV0) security layer (used by the primary boot loader).
What this means is that hackers will now have the ability to release custom firmware for the device any time Sony updates the console's software. Basically, the new custom firmware gives PS3 owners the ability to run pirated games, homemade software, and even Linux.
“The first-stage bootloader is in ROM and has a per-console key which is effectively in tamper-resistant silicon. The second-stage bootloader (bootldr) is encrypted with the per-console key, but is not upgradable and is the same for all consoles (other than the encryption wrapper around it),” Marcan, one of the players in the fail0verflow exploit, wrote in a related Slashdot thread. “This second-stage bootloader verifies lv0. Sony signed lv0 using the same broken process that they used for everything else, which leaks their private key. This means that the lv0 private key was doomed from the start, ever since we demonstrated the screwup at the Chaos Communication Congress two years ago.”
Marcan further stated that all future games and firmwares are now decryptable, and Sony (at least at the moment) can’t do anything about it. Moreover, by extension, this means that “given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and resigned for old PS3s.”
However, there is a catch. Unless the user’s PS3 runs custom firmware, or can downgrade to a custom firmware, the new exploit means relatively nothing, for now. Nonetheless, according to a report, the group responsible for releasing the secret PS3 LV0 codes to the public only did so because a rival group had apparently stolen the information, and planned to sell the custom firmware to make a profit.
