PlayStation 3 security isn’t what it used to be—or perhaps it’s never been so great, it’s just taken the hacker community to catch up with it. This isn’t the first time that the PS3 has been hacked, the first was a jailbreak technique, but Sony managed to defeat that with a firmware update. This time, however, a much lower level system on the hardware has been affected and the encryption keys that enable firmware to be unpacked and run on the system.
According to an article published in Eurogamer the decryption keys leaked to the wild world of the Internet are the LV0 keys—necessary for the system to read and unpack firmware updates and install them. With these keys in hand, a console hacker can easily roll back any firmware update and still benefit from the changes made to access PSN (by just borrowing the new encryption passphrases for connecting to PSN from the new upgrade.)
In essence: The PS3 is now fair game to hackers who want to make the devices do anything that they desire. “the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever,” writes Eurogamer.
The hacking group who have done this public service for console hackers call themselves “The Three Tuskateers” and apparently discovered the LV0 keys some time ago. They sat on the discovery for some indeterminate period of time, but recently discovered that a Chinese hacker crew called “BlueDiskCFW” intended to sell the discovery for commercial gain. Not interested in letting other people benefit from this, the Tuskateers went ahead and leaked the keys publicly.
Although some sources announce the name as “Tuskateers” others call them “The Three Musketeers” including the manifesto that accompanied the release of the keys:
As this was a group effort, we wouldn’t normally have lost a word about it ever, but as we’re done with PS3 now anyways, we think it doesn’t matter anymore. Congratulations to the guy that leaked stuff, you, sir, are a 1337 haxx0r, jk, you’re an asshole.
People should know that crooked personalities are widespread in this so called ‘scene’. Some people try to achieve something for fun together and make the wrong decision to trust others and share their results with them, but ofc there got to be the attention seeking fame wh*** that has to leak stuff to feel a little bit better about him-/herself. Now the catch is that it works like this in every ‘scene’, just that in others it usually doesn’t come to light.The only sad thing is, that the others who worked on this won’t get the attention they deserve because they probably want to remain anonymous (also they don’t care about E-fame <3).
PS: This is neither about drama nor E-fame nor ‘OMGWEHAZBEEN FIRST’, we just thought you should know that we’re disappointed in certain people. You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now.
- The Three Musketeers
To date, Sony has not yet made comment on the leak of the LV0 decryption keys or how this will affect future firmware updates to the PS3. This hack only affects consoles and not the PlayStation Network itself—unlike previous hacks we’ve seen and the one that caused the shutdown of the PSN last year.
As the PS3 becomes the last generation hardware this leak may have less of an effect on Sony’s console market than it might have if it came out much earlier. If Sony releases a new console in 2013 or 2014, the PS3 will become the last-best-generation and this hack will probably be forgotten alongside numerous others that have affected previous generation consoles.