A pair of PlayStation 5 breaches shows the consoles don’t have protection from attackers taking over their most basic functions.
Both exploits were posted on Twitter on Nov. 7 without specifics and without disclosure to Sony, but they nonetheless signal potential security problems to come for the gaming giant.
Fail0verflow, which has already earned a reputation as a prolific PlayStation jailbreaking group, posted a tweet on Nov. 7 that appeared to contain the PS5 firmware symmetric root keys:
https://twitter.com/fail0verflow/status/1457499576676634625
In a subsequent tweet, the group claimed that it “…got all (symmetric) ps5 root keys.” Fail0verflow wrote, “They can all be obtained from software — including per-console root key, if you look hard enough!”
We got all (symmetric) ps5 root keys. They can all be obtained from software – including per-console root key, if you look hard enough! https://t.co/ulbq4LOWW0
— fail0verflow (@fail0verflow) November 8, 2021
The message is practically a dare for other would-be hackers to try to access decrypted firmware files for themselves.
PS5 Kernel Exploit
The second hack was also posted on Twitter on Nov. 7 by Google security engineer Andy Nguyen, who is also known widely in hacker circles as TheFlow. He was apparently able to access the PlayStation 5 “Debug Settings” menu, indicating he has a PS5 kernel exploit.
Wololo, which first reported on both breaches, pointed out that this menu is typically available only on testkit devices, where it allows quality assurance and development teams to install package files on the Sony PlayStation 5.
“But it can be enabled on retail consoles by patching some flags, located at specific addresses in the firmware at Runtime,” according to Wololo.
Is Securing the PS5 Even Possible?
Both breaches put threat actors well on their way to installing pirated games, running emulators and more, according to public-interest technologist Bruce Schneier.
“Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend,” Schneier wrote about the breaches. “Decrypted firmware, which is possible through Fail0verflow’s keys, would potentially allow for hackers to further reverse-engineer the PS5 software and potentially develop the sorts of hacks that allowed for things like installing Linux, emulators or even pirated games on past Sony consoles.”
Schneier added that he doesn’t think a hack-proof computer system will ever be a reality.
“Especially when the system is physically in the hands of the hackers,” Schneier said. “The Sony PlayStation 5 is the latest example.”