Gaming the Security

Modern game consoles are not only dedicated to gaming anymore, they rather offer a great variety of entertainment and many methods to support the whole gaming experience by offering platforms to meet other gamers from around the globe, share thoughts via private messages and status updates, a fully fledged browser to surf the web, media server capabilities and even online stores to buy games and additional game content via credit cards and gift coupons, which can be bought at shops if you’re not having a credit card.

Does that remind you of something? Indeed, it’s actually pretty similar to a social network – and it can also be connected to Facebook & Co. to keep your friends updated what trophies or achievements you just won.

In terms of security the vendors of these consoles did a pretty good job, all inner systems got hardened and signed installers made sure you can’t install anything you want – which may annoy some people but keeps the system secure. But now it seems like the game has changed for the PS3. While it was possible to jailbreak the system with specially crafted USB sticks before, the first soft-mods are now available. The reason behind this? Four years after the release of the PS3 the master key was now found out by a group of modders. Many gamers now take their chance to individualize their system by installing a home-brew environment that allows to roll out programs unapproved by Sony.

So what are the consequences? First of all, many people will jailbreak the PS3 just for the sake of it, because it’s considered fashionable as it is with the iPhone, as my colleague Costin points out in a recent issue of Lab Matters. Unfortunately most people are unaware that this might open the floodgates for malicious or unwanted software. Parallels to the Ikee worm on iPhones are inevitable. This worm spread itself only via jailbreaked iPhones – making apparent how many devices are actually jailbroken and how dangerous this can be. And now home-brew software variants for the Playstation 3 have been released and are spreading through the web over different sources. Who knows what’s behind those offers? The original intention of the programs might be benign, but who knows if the installer package has been compromised and re-offered for downloading?

As pointed out before, buying games and related content from the online shop via credit card is popular and potentially dangerous if homebrew software is installed,as the software could carry out a man-in-the-middle attack or redirect to phishing sites. Alternatively, installed games or the respective game scores could be blocked and thus the software would act as ransomware or send out spam via the internal message system… There are many malicious possibilities that the bad guys can utilize for financial profit!

Are these scenarios realistic? -Unfortunately yes

Is it going to happen? -I hope not…