New PS3 Firmware Contains Backdoor

← Back to Stories (view on slashdot.org)

New PS3 Firmware Contains Backdoor

Posted by CmdrTaco on Tuesday February 1, 2011 @01:46AM from the i'm-your-backdoor-ram dept.

Vectormatic noted the rumor floating around that the most recent PS3 patch has a backdoor, and "Sony can now remotely execute code on the PS3 as soon as you connect. This can do whatever Sony wants it to do, such as verifying system files or searching for homebrew. Sony can change the code and add new detection methods without any firmware updates."

21 of 491 comments (clear)

Min score:

Reason:

Sort:

AGAIN, Sony? by MarioMax · 2011-02-01 01:50 · Score: 5, Insightful

Didn't you learn from your mistakes the last time you tried this?
1. Re:AGAIN, Sony? by Dunbal · 2011-02-01 02:21 · Score: 4, Insightful
  
  Yes, they learned it was SO cheap that it's worth doing in all Sony products.
  
  --
  Seven puppies were harmed during the making of this post.
2. Re:AGAIN, Sony? by hypergreatthing · 2011-02-01 02:44 · Score: 3, Insightful
  
  ohh so you mean besides the sony root kit and remotely disabling blueray player fiasco didn't tell you way in advanced not to buy sony products?
3. Re:AGAIN, Sony? by Moryath · 2011-02-01 03:04 · Score: 3, Informative
  
  Actually, no. The Xbox360 won't execute code without permission.
  The worst it currently does is check that your firmware and the game you are wanting to play are both up to date, and then if either check fails, tells you you will be signed out of Live (but still free to play the game in offline or LAN mode).
  Could I see MS doing this in in the future? Possibly. But I really don't think they consider it that big a deal. The people who have a hacked Xbox360 are already pretty much staying offline anyways so it wouldn't do them much good to insert this kind of code.
4. Re:AGAIN, Sony? by TheGratefulNet · 2011-02-01 03:31 · Score: 4, Insightful
  
  they learned that the kids today will buy anything if its shiny. rootkits? sony music vs the world? optical discs with invasive DRM? annoying copy/read protections? proprietary connectors that cost as much as the unit, itself? remember all that stuff?
  wait, hang on:
  "oh look, a new video game to keep us distracted. lets get it!"
  its impossible to get a boycott going; the 'shininess' wins with today's kids and they do NOT ever vote with their wallets. they buy sony blue ray (no, I'm not spelling it their way), they encourage the DRM with their purchases and sony laughs all the way to the bank.
  I can't see any products sony offers that isn't also available elsewhere and better. not the exact same thing, but sony is *fully* boycottable with very little pain involved. its easy to do.
  please consider not buying sony. ever. you can find alternatives. you can, really.
  
  --
  
  --
  "It is now safe to switch off your computer."
5. Re:AGAIN, Sony? by bdsesq · 2011-02-01 04:06 · Score: 3
  
  How is Apple worse?
  When did they root kit your iPod or iPhone?
  Who did they take to court for jail breaking?
  The answer is they have not done either of these.
  You are free to hate Apple or Sony or MSFT.
  Just please be accurate when you rant.
6. Re:AGAIN, Sony? by Eivind+Eklund · 2011-02-01 04:17 · Score: 4, Interesting
  
  Well, I personally don't accept Sony stealing from their customers *even though this time that customer wasn't me*.
  Sony first advertised OtherOS (combined with the ability to play new games and the ability to get on PSN) and then removed this.
  Theft.
  I don't voluntarily give money to thieves, even if they so far haven't stolen from me.
  So I've boycotted Sony, and they can say bye bye to the $1000+ per year I used to spend with them.
  Whether "lots of people" are happy with them is immaterial - I was happy with what they delivered, until they started stealing from people.
  
  --
  Doubting the existence of evolution is like doubting the existence of China: It just shows that you're uninformed.
IRC by Ogive17 · 2011-02-01 01:51 · Score: 5, Informative

Wow, the "source" for this speculation is an IRC conversation.

Not that I respect Sony considering what they've done in the past but I think I'll hold off judgement for a bit longer on this one.

--
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
1. Re:IRC by dc29A · 2011-02-01 01:59 · Score: 4, Insightful
  
  I don't beleive Sony are that dumb. A backdoor pretty much opens the PS3 not just to Sony but hackers and most importantly malware writers. PS3 botnet anyone?
2. Re:IRC by ElectricTurtle · 2011-02-01 02:08 · Score: 4, Informative
  
  As many have alluded and will allude to in this discussion, they *are* that dumb, as evidenced by the fact that they did it before.
  
  --
  I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
3. Re:IRC by erroneus · 2011-02-01 02:24 · Score: 3, Insightful
  
  You mean their track record for shoddy products, crappy product support, the previous rootkit installs and their close ties with the RIAA haven't been reason enough for you?
4. Re:IRC by ElectricTurtle · 2011-02-01 02:48 · Score: 4, Informative
  
  Never did I say rootkit==backdoor. The parent I was replying to was saying that Sony wouldn't do a thing that opened the PS3 to malware writers, and the rootkit, by *your* own example "assisting some viruses in the process" did exactly ... what? The same thing. Before. Do you get it yet?
  
  --
  I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
5. Re:IRC by Entropius · 2011-02-01 03:46 · Score: 3, Informative
  
  Panasonic, for one.
  I used to have a Panasonic digital camera, of the "superzoom" type. The lens (which had the fastest aperture of any superzoom lens available) incorporated anomalous-dispersion glass and was well-designed, and thus had pretty low levels of chromatic aberration; the residual chromatic aberration had been characterized by the lens designer and was cleaned up in software in the camera. For what it was, it took amazing pictures.
  Sony made a competing product. It had all sorts of shiny stuff advertised on the box -- lots of megapixels, various gee-whiz modes, "smile shutter", all sorts of stuff that can be marketed -- but the lens was *shit*, with nutty amounts of chromatic aberration, so it didn't matter what you did with it -- you weren't going to take good pictures at the long end of that lens, gee-whiz stuff or no, because the lens sucked.
Sony??!? by elrous0 · 2011-02-01 01:54 · Score: 4, Funny

But such a control-freak move seems so out of character for Sony. I mean, Sony installing an intrusive backdoor that could potentially be abused, just to fight a few pirates? I can't think of a precedent for that.

--
SJW: Someone who has run out of real oppression, and has to fake it.
Not a rootkit by Lord+Byron+II · 2011-02-01 01:56 · Score: 5, Informative

The "article" calls this a rootkit. The summary calls it a backdoor. Neither is strictly true.
Rootkits allow unauthorized users root level access and backdoors allow unauthorized remote users access. In this case, you're installing Sony software and this software allows Sony to autoupdate their software and remove cracks. This isn't much different from Chrome autoupdating or Firefox blacklisting certain extensions. The only real difference is that Sony might not have been all that forthcoming about the fact that this new firmware has this capability. My guess is that if you look at the EULA carefully, it does specify that they are allowed to do this.
I would suggest that if you think they have trampled on your rights, then take them to court. Sony will just keep making their firmware more and more "evil" until a sizable number of users stands up and says "no more".
1. Re:Not a rootkit by Svartalf · 2011-02-01 02:21 · Score: 4, Interesting
  
  Actually, that sort of verbiage can negate a contract or agreement. It has to have a definitive nature at the time of agreement and it needs notice for the change so you can either negotiate new terms or end the same if you don't agree with the new changes. Any verbiage that allows the contract to change so much on a whim as you're implying renders the contract null and void as there's no way to be able to be in compliance with the terms at any given time.
  
  --
  I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
2. Re:Not a rootkit by halcyon1234 · 2011-02-01 02:54 · Score: 3, Insightful
  
  This isn't much different from Chrome autoupdating or Firefox blacklisting certain extensions.
  It wouldn't be-- if Firefox removed the optional "Check for Updates" setting, changed your hosts.txt file and router's routing table, added no new features with the update, and would only show cached, offline pages until you submitted to the update.
  So except for nearly everything being different, it's exactly the same.
  
  --
  UTF-8: There and Back Again
I bought my PS3 dammit! by onyxruby · 2011-02-01 02:02 · Score: 4, Insightful

Is it just me, or I could swear that I 'bought' my ps3 and it said nothing about a cable box like rental on the box. Why is it so hard for Sony to understand that this is my property and to leave it well enough alone? If they want to arbitrarily execute code on other people's property it crosses the line to hacking and that's criminal to in most jurisdictions.
What they have done is no different that the cable company demanding root level access to your computer in order to go online. People would be outraged there, why should a game console (which is just a dedicated computer) be any different?
Re:I'm not so sure this is wrong anymore by Lord+Byron+II · 2011-02-01 02:04 · Score: 3, Interesting

Yeah, I think the only thing that Sony has done wrong is remove the "Other OS" option. They probably should not have included it in the first place. But other than that, Sony has basically sold you:
-A black box capable of playing games
-You have to pay $60 per new game
-If you want to play online, you can't cheat
This firmware doesn't change any of this, so why get upset? If you wanted a general purpose computer that you control the software stack on, then buy a PC and roll your own Linux kernel.
Bash.org by definate · 2011-02-01 02:21 · Score: 4, Insightful

Bash.org archiving reliable reporting sources since Wednesday February 02, @12:16AM.
Such as ...
Cthon98's expose on gullibility and technological literacy
erno's scandal on the misappropriated resources
CRCError's report on the abuses of power
DragonflyBlade21's critique on the human condition
... and of course entertainment news...
JonJonB's review of Harry Potter

--
This is my footer. There are many like it, but this one is mine.
Re:I'm not so sure this is wrong anymore by Svartalf · 2011-02-01 02:42 · Score: 3, Informative

Actually, the firmware mod opens it up to being further hacked (Do remember that they lost positive control of the ROOT signing key...meaning that ANYONE can MITM their update chain now...) as now hackers can put and remove things at will on their boxes. This means we should see the beginnings of PS3 Botnets all over the place eventually.
And this would make the second wrong move from Sony, with the OtherOS being removed being the first.

--
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas