Sony sues over PS3 encryption hack

#1
An interesting piece of news for you nerds. :)

PlayStation 3 hackers have been hit with a lawsuit from Sony for publishing details of how to bypass the security features on its game console.

Sony claims that disclosing this information has caused "irreparable injury and damage" to the company because it now allows people to run pirated games on the PS3.

The PS3 was once considered invulnerable and the most secure games console ever built. It was the only one to have consistently withstood hacking attempts. But in December 2010 at the Chaos Communication Conference in Berlin a group of European programmers calling themselves fail0verflow revealed they had finally broken specific lower levels of the PS3's encryption system that let them run their own programs on the console.

Shortly after this, George Hotz, a US-based hacker known as geohot, who gained notoriety in 2007 for unlocking Apple's iPhone, built on fail0verflow's method to gain complete access to the PS3 by obtaining the master encryption key.

Crucially, Hotz then published a decryptor key for Sony's master key and released "jailbreak" software to allow others to run unauthorised programs and pirated games on their PS3. The hack comes as a huge blow to Sony, which produces and licences its own video games for the console.

Every file that is authorised to work on a PS3 uses a digital signature that is generated by Sony using a pair of keys, one of which is created by the firm, while the other, the "root" key, is encrypted within the console itself. By discovering this root key, Hotz was able to trick the PS3 into applying Sony signatures to any file, allowing unauthorised programs to be run on the system.

Both fail0verflow and Hotz maintain that their only motivation is to run their own "homebrew" software and games on the PS3 hardware. "I do not support piracy or counterfeiting," Hotz told New Scientist.

But in Sony's motion for a temporary restraining order it claims that publishing the methods and keys encourages piracy and violates the user agreement. "Indeed, in the last few days people have already started copying, playing and trafficking in pirated copies of video games," it reads.

"I am a firm believer in digital rights," says Hotz. "I would expect a company that prides itself on intellectual property to be well versed in the provisions of the law, so I am disappointed in Sony's current action. I have spoken with legal counsel and I feel comfortable that Sony's action against me doesn't have any basis."

Marcia Hofmann, an attorney with the Electronic Freedom Frontier in San Francisco, agrees. "The internet is a place where freedom of speech is protected," she says. And code counts as speech. Hardware is protected against hacking under US law. "But the law also contains an exclusion for reverse engineering where it is done to make a system interoperable with other systems," says Hofmann.

Sony's complaint also draws upon the US Computer Fraud and Abuse Act, arguing that the company still has some form of ownership of the console. "They are suggesting that if you access your own computer in a way that Sony doesn't like then you are committing a felony," says Hofmann. "That's a completely ridiculous scenario." And one that has already been unsuccessfully argued in court, she says.

Regardless of what happens with the lawsuit, it will be impossible for Sony to put this genie back in the bottle. Not just because the encryption keys are now widely available (not just on the internet but also on T-shirts and coffee mugs) but also because, according to fail0verflow and Hotz, no amount of software updates or patches can secure the PS3 against this sort of hack. Sony's only option, the hackers claim, is to change the hardware with an entirely new encryption system.

Taken from newscientist.com
When people ask me plz because it's shorter than please, i feel inclined to respond no because it's shorter than yes...

Re: Sony sues over PS3 encryption hack

#4
The sue has no luck in my opinion. You have an end user who buys a PS3; he is free to do with it whatever he wants and of course he can tell others what exactly he did to the console. Where is the bad in this?

Copy and distribution of pirated software is another issue from hacking a console you have bought and own, therefore I believe that such cases are mostly for terrorism which usually falls in void as people who hack such consoles are extremely intelligent and will not bite it. Always in my opinion...

Re: Sony sues over PS3 encryption hack

#5
Zorg wrote: The sue has no luck in my opinion. You have an end user who buys a PS3; he is free to do with it whatever he wants and of course he can tell others what exactly he did to the console. Where is the bad in this?

Copy and distribution of pirated software is another issue from hacking a console you have bought and own, therefore I believe that such cases are mostly for terrorism which usually falls in void as people who hack such consoles are extremely intelligent and will not bite it. Always in my opinion...

But you know Sony will try pulling the "company still has some ownership over the hardware" BS.

Re: Sony sues over PS3 encryption hack

#7
I'm not very familiar with the laws, but I know jailbreaking iPhones was illegal until Apple gave their consent, so Sony might have some ground.
❦: I think this is supposed to be a pepper, in which case, it would be appropriate for my signature. If, however, it is discovered not to be a pepper, it will promptly be removed and anyone who refers to it will be deemed a conspiracist.

Re: Sony sues over PS3 encryption hack

#9
Latest news on the case.

Could Sony really have fixed the unfixable? That's the conclusion of one high profile hacker after examining the latest release of Playstation 3's firmware. According to Youness Alaoui, a hacker known as KaKaRoTo, this includes an apparent patch for a security breach for which there was supposed to be no remedy.

Sony is currently suing New York hacker George Hotz, aka geohot, along with a group in Europe calling themselves fail0verflow, for publishing details of how to bypass the security features of its flagship games console, allowing pirated games to be run on it. Previously the encryption on the PS3 was considered so strong that many believed it would never be hacked.

But in December Hotz built on a technique used by fail0verflow to penetrate the PS3 security and was able to go further and obtain the root key, an encryption key at the heart of all PS3 security. So fundamental was this breach that Hotz, fail0verflow and others immediately declared that it was game over for Sony. The only way to re-secure the PS3, they said, would be to upgrade the hardware itself.

Sony appeared to agree, describing the damage caused by the hack as "irreparable" - a major argument in a lawsuit they filed against Hotz. Last week, Sony was granted permission by a court in California to access the visitor logs for Hotz's website, suggesting that its legal battle will not stop with Hotz himself.

But according to Alaoui, the new firmware, version 3.6 released earlier this week, appears to have patched the damage. "For now, it looks to me (at first glance) that the PS3 has been resecured, but it doesn't mean it can't be broken again from scratch," he said in a tweet.

It is not entirely clear how Sony fixed the hack. PS3's security is based on layers of encryption, with one layer unlocking access to the next. Hotz's hack was so devastating because he was able to access the metldr root key which undermines this chain of trust by unlocking all layers. Sony's solution appears to side step this by simply not using metldr at all, opting instead for an entirely new security system. This too could eventually be hacked but it would involve starting from scratch, says Alaoui.

But not everyone is convinced by the fix. "I would be very surprised if this fix isn't hacked fairly quickly," says Theresa Verity, a cryptologic technician in the US Navy's Information Dominance Corps, who goes by the hacking name of Squidly1. "For the fix to really stand it has to invalidate all previous keys and that would make all previous content unplayable," she says.

But even giving Sony the benefit of the doubt, if the fix does hold, the question then is what this means for Sony's lawsuit. After all if the hack isn't irreparable, then presumably neither is the damage.

Taken from newscientist.com