Sony’s console lacks minimum hardware security measures
It’s only been about a month since the official launch of the PlayStation Classic retro console and hackers have managed to manipulate it completely. According to cybersecurity and ethical hacking experts from the International Institute of Cyber Security, hackers have already found a method to load the console with pirated games, moreover, the lack of adequate security measures by Sony have facilitated these tasks.
Two hackers specialized in consoles, known on GitHub as yifanlu and madmonkey1907, managed to download the PlayStation Classic code from the UART serial port of the system a few days after the launch. Subsequently, yifanlu explained that the most vulnerable elements of the system were signed and encrypted with a key embedded in the device. In other words, Sony’s cybersecurity team approved the launch and distribution of the console with the unlock keys hidden within the very same device.
During the streaming of the hacking process through Twitch, hackers discovered that the PlayStation Classic does not seem to perform some sort of sensitive code signature checking at the system booting. Thanks to this omission, it is relatively easy for hackers to load any kind of payload into the hardware from a USB device. Hackers verified this weakness by loading a PlayStation game different to the default games.
This information has already generated some open source projects that allow those with a PlayStation Classic console to load a USB stick with a properly formatted payload for the hardware to recognize and run any PlayStation game; there have also been reports of some non-functional hacking methods that could “brick” the console system, so cybersecurity experts recommend to be careful when performing such actions.
The relative ease of the PlayStation Classichacking method contrasts with the complexity to hack their counterparts released to the market by Nintendo. According to reports, to hack a NES Classic Edition console, you need to download the contents of the system on a computer via USB; then you need to modify the downloaded files and re-flash the system kernel using a specially crafted tool.
Because of its price, which many consider too high, its poor list of games, and failures in availability, the PlayStation Classic console is already considered a failure of Sony in its attempt to exploit gamers’ nostalgia.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.