Sony has a nightmare on their hands.  Recent news from the Chaos Communication Conference 27C3 has hit the internet with reports of a hacker group known as “fail0verflow” presenting a flaw in the security of the Sony PS3.  The presentation is available on youtube in the first of 3 parts.

Now, four days later, famed iPhone hacker GeoHot has published the PS3 root key.  And it appears he is soliciting employment:

“if you want your next console to be secure, get in touch with me. any of you 3.
it’d be fun to be on the other side.”

The PS3 root key can be used to sign any  code to run on the console and make it appear as though it was signed by Sony itself.   Can we say OOPS?

To be clear, the exploit hasn’t exclusively made it possible to run pirated games.  That’s already out there.  What it does do is totally deconstruct the PS3’s security to the point where a hacker could run anything they want.

As seen in the youtube video demonstration, the fail0verflow team bypassed several initial security measures including chain of trust, a hypervisor, and signed executables.  The critical failure came when it was found that a parameter that should have been randomized for each key generation was not randomized at all.  This allowed the team to generate acceptable keys.

From ECDSA Wikipedia article: “It is crucial to select different k for different signatures, otherwise the equation in step 4 can be solved for d_A, the private key”

This is an ugly failure in basic well-documented methodology.  Furthermore the team demonstrated the installation of Linux on the system.  More about the exploit will be revealed when the fail0verflow website comes online.

Interestingly, it appears that Sony brought this on by removing Linux (OtherOS) as an option in the first place back in early 2010 via a firmware update and omission from PS3 Slim.  Well, take a hacker’s shell away and he will fight to get it back.