Cenzic 232 Patent
Paid Advertising
web application security lab

PlayStation 3 Hacking

Anathema sent me a link to a few posts he made to discuss PlayStation 3 hacking. This post is on possible PlayStation 3 exploits and this one is on PlayStation denial of service and memory exhaustion. Why do I care, you ask? Clearly I’m not a hardware guy and I can’t remember the last time I bought a video game. But, I am interested because the PlayStation 3 has an integrated browser (based off the NetFront browser).

The reason this is interesting to me is because more and more devices are becoming web enabled. Whether that means they run webservers or have browsers built into them, the point is the same. They are sitting out there, making or taking requests from who knows where, with unknown protection and with unknown ability to do or perform other actions. Let’s say for a second that PS3 was sitting behind a firewall of someone who worked at supersecurecompany.com and they use a VPN only to connect to their company. Now that I am running my code on that system, I could theoretically break into other machines on the network much easier since I am behind the firewall. This is far more nasty than I think most people realize. It might be a video game console but if it is web enabled and running over a shared internet line it should be just as secure as anything else.

7 Responses to “PlayStation 3 Hacking”

  1. Arnór Heiđar Says:

    good point

    Nintendo Wii is also connected wirelessly and you even access a special hub called wii-shop, where you can purchase games using your creditcard…

    Wii also has a browser based on opera, which you can use to browse any website - it even has a flash control, so you can use youtube in it…

    Just pointing out, I don’t really know the security implications of these things…

    Thanks for a good blog

  2. Alex Says:

    For the Nintendo DS you can get a special version of Opera to browse the web.

  3. ethernode Says:

    However, both PS3, XBox360 and the Wii make use of an hypervisor, which has to be evaded before thinking of exploiting a webbrowser vuln (check out the former Opera vuln in the Wii).

    Or is the webbrowser running in the main OS?…

  4. RSnake Says:

    If it runs JS, I don’t need to break into the OS, I just need the machine to start making requests for me. CSRF php vulns for instance is easily enough to break into other machines that people don’t update.

  5. ethernode Says:

    As usual i say crap; one can bypass the hypervisor now :p

    … Time to consider buying the monster

  6. anathema Says:

    I did not know that the hypervisor could be bypassed?, I am aware of of the OtherOS Demo program from MC.
    http://forums.ps2dev.org/viewtopic.php?t=8333

    Please tell more of how to bypass hypervisor.

    Regarding just using the browser it should be noted that the PSP hypervisor was first exploited by using a TIFF image exploit (which could easilly be crafted and hosted on a site).

    And more on what Rsnake said about all those possible browsers out there.
    The average parent would be wary about leaving a child on a PC connected to the net but they will not think twice about that same same child using a console.
    Consoles are usually brought for children by the hundrends of thousand around Xmas and these will all be network connected and open to all manner of exploits. .
    Parents if they care about thier home networks should be looking at the consoles they are buying for thier children.
    Also most offices/work-places etc will not see a Console as a security risk. . just like Ipods wern’t until the file grabbing begun.

  7. Justice Says:

    is there a way to save ps3 games to the system without having to need the cd again?