

PlayStation Network being rebuilt - eswat
http://www.shacknews.com/article/68217/playstation-network-being-rebuilt

======
marshray
The big concern that they didn't mention is the manner in which all the PS3s
in the field seem to trust their back end. In addition, the PS3's hardware
root signing keys have been leaked.

Consider that 50 million PS3s sit in perfect position (behind the firewall) to
execute a local-LAN man-in-the-middle attack on millions of home PC users.

What would happen if Sony's compromised backend were to push down a malicious
software update? Perhaps they already have.

This attacker could instantly have the biggest botnet ever, by a factor of
10x.

What's their next move?

~~~
watty
This is a huge stretch. So all a hacker has to do is break into Sony's update
servers, create a signed hacked boot loader that automatically starts a MiTM
attack on home users? Wouldn't it be easier to break into Google servers and
install a malicious Chrome update?

~~~
marshray
_This is a huge stretch._

It's the type of thing that's been done before.

_So all a hacker has to do is [1] break into Sony's update servers, [2]
create a signed hacked boot loader that automatically [3] starts a MiTM attack
on home users?_

Yup. Sony appears to be saying that 1 has happened with malicious intent. I
believe 2 has been done by console hackers with not-necessarily-evil intent,
at least as a proof-of-concept. 3 exists as portable C code.

Alternatively, the bad guys might just want to use their PS3s as the world's
largest DDoS platform.

_Wouldn't it be easier to break into Google servers and install a malicious
Chrome update?_

I doubt it, Google's security is usually pretty good. Even still, that's
something that would probably be easier to uninstall.

I wrote a blog post about this with more info at
<http://extendedsubset.com/?p=47>

------
randrews
I wrote a comment about this on Reddit and got downvoted to oblivion, don't
know why, but here it is:

I have a PS3. Last night I unplugged it to move it from one room to another.
Most of the games I have are downloaded from PSN, and I found out today that I
can't play them, even single-player.

See, it apparently checks the system clock before it runs things, unplugging
it reset the clock, it only trusts the clock if it was able to set it from the
network, and with PSN down...

So is anyone else having this problem?

------
alecco
Good luck finding competent security developers, Sony.

------
ScottWhigham
We use the PS3 for Netflix streaming and so we haven't been able to watch
Netflix for a week. It always pissed me off that I had to create a PlayStation
Network account then log in to it just to watch Netflix.

~~~
nuclear_eclipse
I've thankfully had my TiVo to use for Netflix as a backup, but the TiVo
interface for it is extremely limited by comparison. No searching,
recommendations, captions, or anything other than the instant queue; anything
else has to be done from a PC. Oh, and the normally slow input for TiVo is
even worse when using the Netflix interface...

I'm tempted to buy a Roku or Apple TV just to use until PSN is back...

------
jrockway
Is this related to the geohotz thing?

~~~
sp332
I've heard - though nothing more substantial than rumor, it seems like it
could be true - that some pirates had modified their PS3s to sign in to PSN
dev channels, and then hacked the dev channels to pirate games via direct
download from PSN. Although not directly related, some of that would have been
facilitated by GeoHot's publishing of the signing keys for PS3 binaries.

~~~
1880
I have seen tutorials about that method in several forums. People were adding
funds to their account for free and downloading tons of paid content. That's
plain stealing, and I'm happy that Sony may be fixing that.

~~~
JoachimSchipper
Would Sony really take down the whole network just to stop some pirates? Maybe
the dev network has access to more juicy stuff (e.g. CC data)?

~~~
count
Given the use of a static 'random' variable, who knows what other kinds of
trusts were hidden behind simple obfuscation?

