By akademiotoelektronik, 08/04/2023
The PS5 has been hacked: here's what you need to know about the console's security problem
A group of hackers claims to have successfully cracked the PS5 firmware and gained access to the PlayStation 5 encryption keys. A crucial moment for Sony's console.
The PS5 motherboard // Source: Frandroid screenshot
Since the first consoles, it's been a cat-and-mouse game between manufacturers who sell a closed machine and hackers who want to open it up and allow it to run all kinds of software. The challenge for a console manufacturer is obviously not so much to prevent you from installing Linux (the PlayStation 3 very officially authorized it for a time), but rather to prevent pirates from running commercial games shared online.
The launch of a new generation is an opportunity to reset the clock and offer a new machine with new security. Unfortunately for Sony, it seems that the safeguards put in place for the PlayStation 5 have been insufficient. The hacker group Fail0verflow has announced that it has opened up the console.
Deep software flaw exploited
The Fail0verflow group posted an image on Twitter showing a readable version of the 4.03 firmware and, more specifically, demonstrating that the group has access to the PS5 symmetric keys. The second tweet clarifies that this was obtained through software.
Since the flaw is in software, it should be possible for Sony to fix it, but beware: the damage may already be done.
What does this mean?
Access to the console's primary keys is a very important step toward forcing it open. In principle, this can make it possible to digitally "sign" software so that it appears to the console to have been authorized by Sony, and is therefore allowed to launch. This applies in particular to illegally shared games.
For regular players without a pirated console, this shouldn't be a problem in principle. Signing malicious software and getting it installed would require obtaining the console's specific key. This is not what this exploit should allow.
Is it easy to hack the PS5?
The Fail0verflow group did not reveal the method used to gain this advanced firmware access. It is very likely that the operation is currently complex and accessible only to a handful of experts in the world.
It could, however, be the first step toward making it easier to hack the console in the future. In particular, other groups of hackers could open other PS5 firmware versions with the keys obtained and analyze the files to find other flaws.
Can Sony fix the flaw easily?
Fail0verflow indicates that it obtained this access thanks to a software flaw. Sony should therefore be able to offer a patch correcting this security flaw.
However, it remains to be determined whether Sony can change the master key of the console through an update. If not, even if the update fixes the flaw, the results of the flaw will still be there, particularly the ability to digitally sign software without Sony's consent.
When will the method be revealed?
For his part, Andy Nguyen (@theflow0), security researcher at Google, announces that he has access to the debug menu of the console on the machine's latest firmware to date. He posted a screenshot proving it on Twitter.
He probably uses the same flaw and does not intend to disclose the method. The Fail0verflow group has become accustomed to revealing its method after the manufacturer has corrected the problem. We can expect an update from Sony as soon as the flaw has been fixed.