New PS3 Firmware Contains Backdoor
Vectormatic noted the rumor floating around that the most recent PS3 patch has a backdoor, and "Sony can now remotely execute code on the PS3 as soon as you connect. This can do whatever Sony wants it to do, such as verifying system files or searching for homebrew. Sony can change the code and add new detection methods without any firmware updates."
Didn't you learn from your mistakes the last time you tried this?
Wow, the "source" for this speculation is an IRC conversation.
Not that I respect Sony considering what they've done in the past but I think I'll hold off judgement for a bit longer on this one.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
Makes you wonder how safe is it really to use these "game console" things, which is really a computer with no local rights to OS control.
Build your own energy sources from scratch. http://otherpower.com/
Who is logging into their PSN account with homebrew on their PS3?
But such a control-freak move seems so out of character for Sony. I mean, Sony installing an intrusive backdoor that could potentially be abused, just to fight a few pirates? I can't think of a precedent for that.
SJW: Someone who has run out of real oppression, and has to fake it.
Why is this surprising? Some might say backdoor, all it is is an update mechanism. Are there going to be articles on how Firefox has a backdoor that allows execution of any code Mozilla want?
The "article" calls this a rootkit. The summary calls it a backdoor. Neither is strictly true.
Rootkits allow unauthorized users root level access and backdoors allow unauthorized remote users access. In this case, you're installing Sony software and this software allows Sony to autoupdate their software and remove cracks. This isn't much different from Chrome autoupdating or Firefox blacklisting certain extensions. The only real difference is that Sony might not have been all that forthcoming about the fact that this new firmware has this capability. My guess is that if you look at the EULA carefully, it does specify that they are allowed to do this.
I would suggest that if you think they have trampled on your rights, then take them to court. Sony will just keep making their firmware more and more "evil" until a sizable number of users stands up and says "no more".
I don't know anymore. We know why they are doing this. To stop developers from thinking that the platform is dead to develop for because there will be rampant piracy.
And to stop cheaters. I'll tell you, I've just recently gotten into online shooters lately (MoH and COD:BO), and I'll tell you, I swear to god the amount of hacks and cheaters* just makes me not want to even bother.
I'm almost siding with Sony on this one. It's almost to the point that you have to buy as soon as it comes out and then you have a window of enjoyment of a month. Then it's worthless. To me, what's the point?
Unfortunately, they didn't just do all this up front, so a lot of us already have our PS3s and little to no recourse.
They will love you for it and come back for more.... erm... I think not. Sony went off my possible purchases list forever when they removed the OtherOS feature. Just makes you wonder how far up their butts do the heads of Sony business people really have to be to pull this kind of reputation damaging stunts and actually believe that it will improve their bottom line.
I give up. I am tired of fighting companies for my hardware that I have purchased. Apple, Sony, and Microsoft are wasting my time. I hacked my PSP because I wanted faster load times. I hacked my iPhone because I did not agree with being charged twice for data. I hacked my PS3 just for fun. I quit.
Is it just me, or I could swear that I 'bought' my ps3 and it said nothing about a cable box like rental on the box. Why is it so hard for Sony to understand that this is my property and to leave it well enough alone? If they want to arbitrarily execute code on other people's property it crosses the line to hacking and that's criminal too in most jurisdictions.
What they have done is no different than the cable company demanding root level access to your computer in order to go online. People would be outraged there, why should a game console (which is just a dedicated computer) be any different?
If it IS true, then I don't see it as being legal, at all. I certainly do not recall seeing "Sony retains the right to install and execute software in the background, and obtain information about files stored on the device, and engage in general butt fuckery of our users, without user approval" or anything remotely like it in the EULAs.
I'm suddenly very happy that I decided not to buy a PS3. It's too bad, because it really was an attractive system.
They were dumb enough to root your PC and dumb enough to use GPL code in their proprietary DRM. They were dumb enough to tout 192 kHz as the dog's bollocks because it was able to reproduce sound more faithfully and at the same time that a watermark below that range was not audible.
So they're definitely dumb enough to do this.
You're posting an unsubstantiated rumor accusing someone of something pretty major. A rumor overheard in an IRC chatroom. I don't expect /. to require New York Times level of journalism (or even Fox News) but come on.
D
The first, last, and only tech news site on the net
Sounds like something from World of Warcraft? They download code that executes and without proper handshaking they know you've done something funny. Not quite the same as the Warden stuff but close enough and a real PITA to get around I'd expect. If this is simply a hook to allow the download\execute of code it's potentially a real bear to solve short of not using their network. :-(
Build it, Drive it, Improve it! Hybridz.org
I know it does not exist yet, but a few years from now, there will probably be a PS4 because the PS3 is becoming obsolete.
At that point, everybody should remember that Sony is managed by assholes and cannot be trusted...
C - the footgun of programming languages
the same as Microsoft uses to detect and ban 360's
Um, no? M$ uses the MAC and unique console ID and does the banning entirely on their own end. There is no code executed on the 360 at all.
If this is more than speculation, couldn't Sony be tried for the same 'hacker' bullshit they tried some kids for over the last few years, which I believe was "using a computer system without authorization" or something along those lines? If it's not legal for us, it's not legal for them.
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
Bash.org archiving reliable reporting sources since Wednesday February 02, @12:16AM.
Such as ...
Cthon98's expose on gullibility and technological literacy
erno's scandal on the misappropriated resources
CRCError's report on the abuses of power
DragonflyBlade21's critique on the human condition
... and of course entertainment news...
JonJonB's review of Harry Potter
This is my footer. There are many like it, but this one is mine.
Has Sony done anything worthwhile?
Successfully sued Universal City Studios (now a division of Comcast) to allow the importation of Betamax VCRs into the United States (Sony v. Universal), establishing the substantial noninfringing use test.
broke the NES/SNES monopoly
What monopoly? Long before "Droid does what iDon't", there was "Genesis does what Nintendon't".
I was planning to get a PS3 once the price dropped
Stick with PCs. They're the only way you can be sure not to have an intentional backdoor used against you.
Any PS3 games that will not play on the 360?
MGS4 isn't ported because it fills the Blu-ray Disc and would fill three or four 360 DVDs. LittleBigPlanet isn't ported because it's a first-party exclusive positioned as a system seller.
Normal firmware updates are essentially non-consensual, so I don't get what is to sensationalize about pushing point releases as well as big updates over the PSN.
Disclaimer: I don't own a PlayStation 3, but I am fairly certain you don't have the option of running old firmwares, you're forced to upgrade anyway if you want to play any games.
Brian Fundakowski Feldman
Future PS3 games will require the latest firmware be installed in order to play.
There's no way in hell I want to install a firmware that intentionally creates a backdoor into my system.
Therefore I have no other choice but to stop buying PS3 games. Sony will be losing my (albeit small) source of revenue and perhaps others will handle the situation in a similar way. Thus Sony loses out on revenue they'd otherwise have had they not made this move.
And I wonder if those in such a position will turn to piracy simply because they don't want to install a backdoored firmware -- further hurting Sony's bottom line.
Sony really doesn't seem to think these things through.
For all we know some people in some group, responsible for one aspect of the project, got this thing included. I doubt that the CEO of Sony and the guy who put the rootkit in the music division talked to each other and the entire PS3 group.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
I'm just holding out hope that "real" computers will at least remain available
Or we could just run Linux.
That is, if you can even buy a computer that respects your freedom to run a version of Linux that isn't Tivoized. If the PC market were anything like the mobile and console markets, one would have to buy a multi-thousand-dollar computer on which to make even the simplest of apps and a $100 per year or more certificate just to be able to run apps that you have made on a computer that you have purchased.
The rules have always been quite simple. You can do whatever you want with your PS3 as long as you don't go onto Sony's gaming network. Microsoft does the same thing with its Xbox Live - you play by the rules or not at all. The sheer number of people whining about this when it's standard boilerplate business practice to control access to your own servers and private network(s) is amazing. When you connect, it verifies that you aren't running any malicious code or hacks/cheats. This has been a staple of online anti-cheating software since the late 90s.
And, no cheating isn't controlled by having "better availability and providing value with a purchase a pirate cant get.", as one person wrote. It's entirely different in a console's case, since the games aren't pirated in the first place. Cheating in online games like this is controlled by making sure that everyone is using the same software and hardware. And, yes, the XBox does this already - they scan your machine and shut you down if you are caught cheating.
Concerning the source, this site really needs to hire someone to double-check new posts for basic common sense and validity before allowing it to go live. IRC chat? Seriously?
What's unsafe is the potential for this to spread beyond gaming-specific hardware. Recall that Apple's App Store business model was largely a copy of the Xbox Live Indie Games model that preceded it by several months, right down to the $99 per year certificate and the 30% take on app sales.
I doubt the situation is any different from XBL where they've engaged in waves of bannings presumably by deploying similar tests. Did anyone seriously think Sony would sit idly by and let modders / pirates retain full access to PSN? Seriously?
All it requires is a year's worth of patience to wait for the pricedrop.
By which time any attempt to play the game online will result in discovering that the matchmaking servers have been shut down: "DNAS Error -103: The software title is not in service."
Sony invented LaserDisc, Philips invented CD. And what we now know as a CD is the result of a joint task force between the two.
Interesting reads are wikipedia or "The CD Story" written by one of the engineers on that task force: http://www.exp-math.uni-essen.de/~immink/pdf/cdstory.htm
Hivemind harvest in progress..
In the USA suits do lawsuits to make law by precedent. Also, laws make suits.
Hivemind harvest in progress..
MS is beyond the point where you debate and criticize their moves: it's considered evil and that's it (rightly so, by the way!). Sony, apparently, hasn't reached that position yet.
New countermeasures of this kind were also incredibly obvious and likely once the console couldn't rely on code signing any more.
Isn't that like saying that you didn't beat someone to death, your right hand did?
A CEO should be held responsible for the actions of the company they run. Isn't that one of the reasons they earn those multi-million dollar pay packets.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
It sounds like this device, along with web TVs, needs to be placed on a VLAN so they can be firewalled off from other local LAN resources.
For one, you can refuse updates under Windows.
For another, you can revert your windows machine.
For another, you're told what they're updating and if you find it in error, then you can sue.
Most decent console games are also available on the PC. The handful that you'll miss out on won't really matter in the long run anyway.
PCs are missing almost entire genres, such as fighting games, which are designed for same-screen multiplayer. Publishers think there aren't enough PCs connected to large monitors to make a market. Capcom, for example, made the Super edition of Street Fighter IV console-only because the first edition sold poorly on PC and because too many people were making infringing copies of the PC version instead of buying lawfully made copies of the PC or console versions. And what's a good PC counterpart to platform-fighting games such as Super Smash Bros.? Or does the fighting genre not "really matter in the long run anyway"?
So they will run some piece of code on your machine in order to detect whether you are running some modified software.
But we now have full control over the machine, so we can just sandbox Sony's code, and give it a view of the machine that looks like an original unmodified one. The code will send the right answer to Sony's server and we can still run modified software. What they're trying to do is just logically impossible! (just like any working DRM system)
Remote code execution - Connected Web CAM - I see a big brother system in the making. Maybe the CIA added the backdoor so they can look for terrorists using PS3 for plotting their next attack. Or it could just be some sex starved computer geek wanting to spy on his "girl friend". I see a huge series of privacy violation lawsuits in the making. AKA school system spying on students using remote webcams.
A CEO should be held responsible for the actions of the company they run. Isn't that one of the reasons they earn those multi-million dollar pay packets.
Of course not, silly person!
They earn those millions because they won the "race-to-the-bottom" against all the other corrupt, amoral corporate executives competing for the position by being the most ruthless and amoral in their pursuit of money and power.
It's rather like a twisted "executive Darwinism" that's encouraged and enabled in the US by corrupt Progressive politicians in BOTH parties that have abandoned the Constitution and the rule of law starting about 100 years ago and having grown worse every year since because people can't be bothered to pay attention, educate and inform themselves, and then do something about voting them out.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Actually I don't think people from different divisions of Sony talk to each other much.
Sony seems to be more a group of companies under one name, than a giant mammoth working in sync.
Some of their divisions don't seem to even get along. etc Sony music vs Sony electronics
It appears it has been like this for decades...
Hence I try not to punish one division for the sins of another, because chances are they had nothing to do with it.
Actually I think the CEO of Sony is very much a lame duck.
Internal politics of other power brokers seem to have a lot of influence.
I'm no fan of Sony but I'm even less of a fan of intellectual dishonesty. Cheats before the key release were mostly glitch exploits but now the game has been ruined by hackers. Read about the lobby hack and how hackers can reset your stats. It's a mess.
Overdo it and you'll find out that people disconnect their PS3 from the network once for ever and use it just for standalone games and movies. Fat chance to sell anything over PlayStation Store after that...
This is probably the only painless way to curtail online cheating. Even matchmaking systems that put people amongst those with the same 'skill' will miss cheaters who are either really bad, or ones who don't cheat all the time and thus are in a lower skill bracket.
Why do I say painless? At the end of the day... it's a game console that plays blu-rays. I'm not ordering things online (save for the PSN) or logging in to my bank accounts or email on it. If something hacks my PSN account and buys a bunch of crap, chances are I wouldn't be the only one and it would be rectified via a class action or my credit card company's fraud department in short order. If it somehow manages to do something to the other machines behind my router, then shame on me for not securing them properly. The worst I could think of is it activating the wifi card and attempting to sniff the wireless nearby, but I've never given it the WPA key and wireless "security" is forfeit to begin with.
In any case there seems to be a ton of FUD spreading regarding this. They could have just as easily built that function in on day 1 and this would be a non-story.
With interactive chart of events over time, from both sides where something was done and later undone by the community. This kind of opera needs to be charted for the muses of future generations.
I thought I read somewhere that HDTVs are now outselling SDTVs.
Out-selling, yes. Out-deployed, no. Even if an HDTV is down to $300, the SDTV that you already own costs $0. Until the first round of LCD HDTVs start dying of old age, we can assume that hand-me-down TVs are likely to be SDTVs.
It stands to follow that people buying new consoles are more likely to have HDTVs now.
In the living room. A lot of times, the console is stuck on a hand-me-down TV, not the big monster TV in the living room or home theater.
Yes, I mean that the computer market might revert back to doing work on dumb terminals, as was common prior to the Apple II. Web applications already show the beginning of this trend. Most people use their PCs for the proverbial "homework and Facebook": viewing works and occasional light-duty creation.
I wonder if there's a crack in the EULA that would allow Sony to be prosecuted for unauthorized access to a computer system? It certainly doesn't seem likely to me that anyone who had installed cracks would knowingly authorize Sony to access their system.
Excuse me while I rush out and buy one... or not.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
This "Rootkit" or whatever you want to call it contacts sony servers the minute that it is booted...Not just when you access PSN... And it will continue to retry ports until it has exhausted all of them. This is without even attempting to login to their servers(PSN)....So I'm totally against this...as it is a major violation of my privacy......I'm still confused tho....The $600 I paid is for a rental? At least that is how it feels at this point considering they change it all the time and give me no choice whether I want these changes or not...
what's inside a Sack Boy.
Wait until some hacker figures out how to pry this door open and starts killing PS3's the moment they connect to the Internet. Then there will be a huge Sony PR problem.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I really drooled over the PS3. So many times I almost shelled out for one. Unfortunately Sony kept making me leery of purchasing one. I finally saw that the private key was had and began plans to buy one. Now I think maybe I'll just build a media center for my new HDTV instead. The only thing wrong with Sony products is Sony.
Let Sony send your PS3 some packets to execute, and replace them. Hmm, how about the neighbour's PS3?
This must be the worst idea since edible underpants. I mean, there's probably a market for it, but really?
You're running their OS by choice
Sure, I'm running a video game console operating system by choice, but it's a Hobson's choice arising from a chicken-egg case. End users aren't going to dump consoles en masse for home theater PCs because neither are the publishers, and vice versa.
Progressive
That word doesn't mean what you think it means.
When most of the populace gets themselves stuck in a sticky situation, they expect the government to bail them out eventually. It will either be in the form of a class action suit, or regulation. It's because of this only 'hippies' do old fashioned things like boycotting.
Once you start despising the jerks, you become one.
Our Company, which uses many SONY-type products, banned them after the music rootkit incident, and we have never looked back. This confirms our decision was correct.
Why would you let any company in your domain that has *proven* hostile intent?
If it were Apple we would do the same, as much as we love them, we'd scale back to the least amount and then buy their products secondhand, as we are in the arts and it is a necessary thing to use some of their products.
We would love to do this with Adobe, even though they are not quite as malicious as they are pompous and lazy - but that's not really on the scale of what SONY willingly does.
We've partially banned Microsoft and are presently buying ONLY secondhand. They need to really shape up if they are to be allowed back in our company.
It's called "voting with your wallet".
Open Source is what we're waiting for really and we support some projects with cash. We urge you all to do the same. It's way past the time to put these companies "on notice".
~hylas
the problem is that now they can sniff your home network to see what you're doing. They can run a search on your network for any shares/media streams with "pirated" movies/media then start investigating/prosecute you. They could also try to monitor what else you're doing on your network/internet. Before you would hope that the firmware updates wouldn't do that, but if so you could figure out what firmware it was and hold sony responsible. Now they could connect to your ps3 whenever they want and run whatever they want (provided your ps3 is turned on).
On top of that, installing something like this opens a vector for malicious hackers to bypass your firewall/router and have free rein of your home network.
as i somewhat stated in another thread, the problem is that the firmware updates held sony responsible for what your ps3 did. as in anything unethical/illegal could be tracked down to a firmware update. Now sony could cause your ps3 to do whatever it wants whenever it wants and you can't prove that they did it.
You really ought to study your history a little more, and I say this as someone at least sympathetic to your claim. Vanderbilt, Carnegie, Rockefeller, and Morgan, titans all, were no less ruthless than today's corporate executives, and all of them started over 150 years ago. The government was drastically different then, but don't delude yourself into thinking that it was less manipulable, or that these men didn't take advantage of every loophole and extralegal arrangement they could get their hands on. Nor should you think that politicians were all upstanding individuals who would never collude with massive corporations; such deals are the backbone of the American economy, then just as much as now. Don't get me wrong, I'm not trying to vilify Vanderbilt et al., they were all philanthropists and very smart men, but that does not mean they weren't among the most ruthless businessmen to ever walk this Earth.
And in regards to the parent post, corporate executives are accountable for the actions of the company. They are accountable to the board of directors and more importantly to the shareholders. No CEO walked away from a failing corporation with a massive bonus that wasn't approved by the shareholders, although that approval most likely came as a term of employment made when the company was still in the black. To suggest that a corporate executive should be held accountable to an extra-corporate body (like a government) for the actions of the corporation at large (rather than just his own actions) is to fail to understand the purpose of a corporation. A corporation is not a sole proprietorship, and a CEO is not a dictator. If the CEO encourages or engages in illegal behavior, then he has committed a personal crime and can be accused, tried, and convicted of such. If the company engages in illegal or unethical behavior, without the direct (demonstrable) support or involvement of the CEO, then a government can take action against the corporation (such as fining it, dividing it, disbanding it, or even nationalizing it, depending on the laws), but it cannot take action against the CEO (assuming that contract law carries weight in the country where the corporation resides, as in most of the world).
Oh, look, they've stolen Apple's motto, too.
Sony has been on my skiplist for a long time now. I was seriously interested in programming the Cell chip, but it was welded at the hip to the Blu Ray tumour (and the politics that come with it), so I gave it a pass.
Recently purchased a camera as an Xmas gift. Asked some people about their experiences. People who bought Sony AV equipment in the past had some stories about lack of ordinary interop, to put it mildly. Some of them put it in a good light: it's a lot better now with Sony's new products. Sorry, I've got better things to do than track Sony's progress through reform school.
Never much liked Frank, either.
Portrait of the Artist as a Young Man
More or less same school of management.
Hackers were having fun playing around in Sony's little Other OS sandbox. There were a few that weren't happy with 2 SPUs being disabled in the sandbox, so they were looking for ways to access all the hardware, which they found and led to the disabling of the Other OS. For the most part everyone was happy.
This gave them basically 4 years where hackers were not trying to break the security. Then they disabled the Other OS functionality not allowing the hackers to play. If you make hackers unhappy, they will find a flaw in your system and exploit it to give them full access to the system and they now had a relatively large number of hackers testing the armor. If they had just left it alone they probably wouldn't have the problem they have now.
If they didn't have the Other OS option from the start, the dent in the armor most likely would have been found not too long after launch, so the last 4 years the key would have probably been out in the open.
Microsoft, Apple, Google, Amazon what's the difference? All steal money from devs and control with walled gardens.
People would rather invent demons to ensure their hate can continue than make the effort to think. And I say this in a very general sense. In a way, Slashdotters are representative of that pettiest class of people - those who would act (out their hatred) rather than apply any thought to differing perspectives.
uhmm, it would be REALLY easy for sony to create a program to monitor what movies you watch through your ps3 and look at what content your streaming servers are offering, then report it back to sony. Since sony is part of the RIAA/MPAA i could see this as being very likely (not by targeting me personally). As far as the network security goes that's actually what I did last night, went out and bought a new media player and set up my ps3 in a DMZ. My network was/is set up securely enough so that they can't sniff traffic but they could interact with other machines on my network since it needed to access the media server. The only way it could have been more secure is if it was in a dmz and could only access the streaming media service on my network (which would still not solve the situation I'm describing) but since the ps3 wasn't available to arbitrary incoming traffic from the internet before I didn't see it as necessary. Now that it is (or it may be, i'm still not totally convinced this article is legit), the machine now needs to be isolated from the rest of my network (for general security reasons, not just attacks from sony).
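The isolation described in the comments above (a console on its own VLAN or DMZ that can reach only the streaming media service on the LAN), as an added example that is not part of the original thread: an nftables ruleset for a Linux router. The interface names, subnets, media server address and port are all assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Assumed layout (not from the thread):
#   wan0 = internet uplink
#   lan0 = trusted LAN, 192.168.1.0/24
#   con0 = console VLAN, 192.168.50.0/24
#   media server 192.168.1.20, streaming service on TCP 8200

define WAN_IF       = "wan0"
define LAN_IF       = "lan0"
define CONSOLE_IF   = "con0"
define MEDIA_SERVER = 192.168.1.20
define MEDIA_PORT   = 8200

table inet console_isolation {

    # Traffic routed between interfaces. Default deny, so every
    # permitted path is listed explicitly.
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies belonging to flows accepted below
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN may open connections to the internet
        iifname $LAN_IF oifname $WAN_IF accept

        # Console may open connections to the one media service only
        iifname $CONSOLE_IF oifname $LAN_IF ip daddr $MEDIA_SERVER tcp dport $MEDIA_PORT accept

        # Every other console-to-LAN attempt is logged, then dropped,
        # so scanning of LAN hosts from the console VLAN shows up in the log
        iifname $CONSOLE_IF oifname $LAN_IF log prefix "console-to-lan drop: " drop

        # Console may reach the internet (vendor network, updates)
        iifname $CONSOLE_IF oifname $WAN_IF accept

        # No rule accepts new connections from WAN or LAN into the
        # console VLAN; the drop policy covers them
    }

    # Traffic addressed to the router itself. Only the console VLAN is
    # restricted here; other interfaces keep whatever policy already applies.
    chain input {
        type filter hook input priority 0; policy accept;

        # DHCP and DNS served by the router
        iifname $CONSOLE_IF udp dport { 53, 67 } accept
        iifname $CONSOLE_IF tcp dport 53 accept
        iifname $CONSOLE_IF ct state established,related accept

        # No admin UI, SSH or anything else on the router from the console VLAN
        iifname $CONSOLE_IF drop
    }
}
```

If the media service relies on multicast discovery, that traffic does not cross the VLAN boundary under these rules.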
So exactly what did i say that was not correct?
You're actually enforcing what i said earlier. Except for your first mentioned citation:
Got source? I can not find that sentence, Google can't, and Bing can't.
Hivemind harvest in progress..