Feeds

Sony PS3 rootkit rumours rubbished

Uh, check the several-years-old small print yeah

Gartner critical capabilities for enterprise endpoint backup

Suggestions that Sony has added a rootkit with the latest firmware update to its PS3 console have been denounced as bunkum by a leading gaming security expert.

Rumours began flying on the interwebs earlier this week that the official 3.56 firmware upgrade for Sony's consoles gave the consumer electronics giant the ability to execute code on the PS3 as soon as a user goes online.

Sony can use the technology to verify system files or to look for home-brewed games, it was suggested. More sinister still, it was warned, the code can be updated without further firmware updates.

The more excitable elements of the gamer community as well as tech blogs and gaming sites cried foul over the move, with many describing it as the introduction of hidden "rootkit-style" functionality.

But Chris Boyd, a security researcher at GFI Security who has studied the security of online games for several years, points out the development is not new since Sony wrote the ability for it to do remote updates into its terms and conditions since at least 2006.

"It's been known for a while that a networked PS3 will contact Sony servers at start up (whether it has an active PlayStation network account on it or not), which performs various tasks related to error logs, updates and other activities," Boyd (aka Paperghost) told El Reg.

Anyone using a PS3 agrees in the terms of service to allow their console to perform these tasks.

Mark Russinovich found a rootkit in Sony CDs back in 2005, provoking a huge privacy outcry. This has led some enthusiasts and bloggers to suggest that history is repeating itself with the PS3 firmware upgrade.

The PS3 firmware upgrade is nothing like as malign, argues Boyd, who has spoken on X-Box and online gaming security at several security conferences. "Comparing a last ditch attempt at blocking hacks and custom firmware to the truly dreadful CD rootkit is mind boggling."

Sony bundled ill-conceived copy-protection on its music CDs that meant a rootkit was installed if they were played on Windows PCs. This created a vulnerability on affected machines later latched onto by malware writers. Sony withdrew the technology following an outcry.

Comparing this to the PS3 firmware update misunderstands what has actually been done or the practical risks of the move, according to Boyd.

"This is only really a concern if you're interested in modding - otherwise I'm not convinced there's a 'threat' as such," Boyd told El Reg. "I'm still waiting for someone to explain how this 'PS3 rootkit' could be used to run unsigned malicious code on a non-jailbroken box," he added.

Sony recently earned the enmity of the gamer and security communities by suing hackers who figured out a way to run unsigned code on PlayStation 3 consoles without the use of a dongle. The blogiverse has been inclined to ascribe the worst possible motives to anything Sony has done with a console since, regardless of whether it's actually new or how what it's doing sits against other potential threats.

Boyd, who has been vocal in criticising the lawsuits against the PS3 hackers such as geohot, nonetheless argues that gamers need to get a grip. "People will happily download homebrew from Basement Bob which could steal logins/credit card details, but code from the console maker is evil?" ®

Boost IT visibility and business value

More from The Register

next story
Apple takes blade to 13-inch MacBook Pro with Retina display
Shaves price, not screen on mid-2014 model
iPhone 6 flip tip slips in Aussie's clip: Apple's 'reversible USB' leaks
New plug not compatible with official Type-C, according to fresh rumors
FEAST YOUR EYES: Samsung's Galaxy Alpha has an 'entirely new appearance'
Wow, it looks like nothing else on the market, for sure
YES YES YES! Apple patents mousy, pressure-sensing iVibrator
Fanbois prepare to experience the great Cupertin-O
Steve Jobs had BETTER BALLS than Atari, says Apple mouse designer
Xerox? Pff, not even in the same league as His Jobsiness
TV transport tech, part 1: From server to sofa at the touch of a button
You won't believe how much goes into today's telly tech
Apple analyst: fruity firm set to shift 75 million iPhones
We'll have some of whatever he's having please
Things are looking up in Flappy Bird sequel
'Swing Copters' offers the same gameplay but in a different direction
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.