You Would Think Sony Knew Better Than To Install A Rootkit In The PS3 [Updated]

from the haven't-we-done-this-before? dept

As you probably remember, a few years back there was a huge mess when Sony Music (at the time, Sony BMG) was caught installing a rootkit via the DRM it used on CDs. That created a huge legal headache for Sony, with the company eventually agreeing to replace all those CDs. You would think that Sony, as a whole, would now be a lot more careful about such things. Yet, as TorrentFreak points out, an analysis of the new PS3 firmware suggests that there's a rootkit in there, which will allow Sony to control the PS3 device that you thought (incorrectly) that you bought. It's almost as if Sony is telling people to stop buying PS3s. Update: A lot of folks are claiming this isn't really a rootkit, and that the story has been blown out of proportion. Reading through the details suggest this is absolutely a possibility.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ps3, rootkit
Companies: sony


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    crade (profile), 3 Feb 2011 @ 2:06pm

    It may enable them to control my PS3, but I don't think is actually allows them to. It's probably still illegal.

    link to this | view in chronology ]

    • icon
      weneedhelp (profile), 3 Feb 2011 @ 2:20pm

      Re:

      Essentially Sony can now remotely execute code on the PS3 as soon as you connect.

      Does not sound like they ask.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2011 @ 2:14pm

    One day you will learn, when you buy a gaming system, you purchase the hardware and get a license for the software. Until you learn that basic idea, you will always fail.

    link to this | view in chronology ]

    • icon
      Richard (profile), 3 Feb 2011 @ 2:18pm

      Re:

      One day you will learn, when you buy a gaming system, you purchase the hardware and get a license for the software. Until you learn that basic idea, you will always fail.

      This goes way beyond that concept. If you own the hardware then you you are free to delete any of their s/w and replace it with your own. This allows them to delete your software and data.

      Until you make the effort to understand that distinction your comments will continue to be irrelevant.

      link to this | view in chronology ]

      • icon
        :Lobo Santo (profile), 3 Feb 2011 @ 2:20pm

        Re: Re:

        (please don't feed the trolls.)

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2011 @ 2:34pm

        Re: Re:

        As long as you are using their software,their firmware, and operating with it, you operate inside their license (not ownership). You do not own the code.

        What is being called a "rootkit" probably isn't anything like that, but it's a great buzzword that gets TD a few more views and a few most posts from the freetard children.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Feb 2011 @ 2:58pm

          Re: Re: Re:

          We get it. Owning things is stupid.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Feb 2011 @ 3:15pm

          Re: Re: Re:

          Hey look mom, it's one of those irrelevant internet trolls.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Feb 2011 @ 4:09pm

          Re: Re: Re:

          Really?

          What do you think about car diagnostics, can automakers make you go to only authorized mechanics now and make you pay a premium for doing it?

          Do you like that?

          link to this | view in chronology ]

        • icon
          Richard (profile), 3 Feb 2011 @ 4:12pm

          Re: Re: Re:

          As long as you are using their software,their firmware, and operating with it, you operate inside their license (not ownership). You do not own the code.
          The license gives you the right to run their code on your hardware.

          It doesn't give them the right to run other code on your hardware when you don't want them to.

          Code that runs when the owner of the hardware doesn't want it to has a name - it is called malware and it is not legal.

          link to this | view in chronology ]

        • icon
          Gwiz (profile), 4 Feb 2011 @ 12:58pm

          Re: Re: Re:

          As long as you are using their software,their firmware, and operating with it, you operate inside their license (not ownership). You do not own the code.

          This is something I find fascinating with the Pro-IP crowd.

          They want Intellectual Property to be considered property when they own it, but want it to be considered something else when they sell it to an end user.

          When I buy real property, say a car, I am free to modify it, tear it apart to see how they built it, or whatever.

          When I purchase Intellectual property, then all of a sudden there all these restrictions placed on me about what I can or cannot do.

          It's like saying "We want Intellectual Property to be considered property ONLY when it benefits us."

          link to this | view in chronology ]

          • identicon
            S, 4 Feb 2011 @ 1:41pm

            Re: Re: Re: Re:

            That IS what they're saying. It's blind greed and hypocrisy, or the gullible and weak minded echoing the blindly greedy and hypocritical because they can't think for themselves.

            link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Feb 2011 @ 2:54pm

      Re:

      The whole problem with that is that if you make the hardware and control the software you create a perverse situation in which you control the hardware that you've already sold.

      link to this | view in chronology ]

    • icon
      Hephaestus (profile), 3 Feb 2011 @ 3:36pm

      Re:

      I was wondering wouldn't that be computer trespass if the executed code on your system without telling you? (fig 2)

      NY CLS Penal § 156.10 Computer trespass

      A person is guilty of computer trespass when he or she knowingly uses [fig 1] , causes to be used, or accesses a computer [fig 2] , computer service, or computer network without authorization and:

      1. he or she does so with an intent to commit or attempt to commit or further the commission of any felony; or

      2. he or she thereby knowingly gains access to computer material.

      link to this | view in chronology ]

      • icon
        DJ (profile), 3 Feb 2011 @ 3:51pm

        Re: Re:

        The problem we, the users, run into is that few of us ever actually read the user agreement. As such, and according to many local laws, if it's in the user agreement that we "knowingly grant authorization...." -- or however it might be worded -- then we're kinda SOL in the legal world.

        So how do we fight back? Simple, stop buying PS3; you could even go so far as to boycott Sony altogether. I'm not calling for a Sony boycott (I own many of their products), but if PS3 is potentially compromised, don't use it. Simple.

        link to this | view in chronology ]

        • icon
          Hephaestus (profile), 3 Feb 2011 @ 4:20pm

          Re: Re: Re:

          But haven't EULA been thrown out in the past because you have to open the box to read them?

          link to this | view in chronology ]

        • icon
          Christopher (profile), 3 Feb 2011 @ 6:15pm

          Re: Re: Re:

          Not so. Many of those EULA's have been looked upon by courts and thrown out because you have to open the box to read them, as the other poster pointed out.

          You are forgetting that if EULA's come into conflict with other law, they are null and void.

          link to this | view in chronology ]

          • icon
            Hephaestus (profile), 3 Feb 2011 @ 6:37pm

            Re: Re: Re: Re:

            So that leads me back to my first question.

            Can we file computer trespass charges against someone who accesses our system without our knowledge if the EULA was not in plain sight, and not readable on the package, if they upgrade our system?

            This goes back to SONY and the removal of the secondary OS option.

            link to this | view in chronology ]

            • identicon
              Aerilus, 3 Feb 2011 @ 7:35pm

              Re: Re: Re: Re: Re:

              I would imagine that if its a criminal act that it is prosecuted by the government and you can't waive your right now if its civil (i see penal code so guessing criminal) then it might hold up.you cant let some one murder you when you have a painful terminal condition. so who has more connections in the government than sony to make them get off their butt and prosecute probably not many people.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 3 Feb 2011 @ 8:37pm

                Re: Re: Re: Re: Re: Re:

                In other words it's only illegal for those who don't contribute enough in campaign contributions to get the government to leave them alone. Got ya.

                link to this | view in chronology ]

              • icon
                Hephaestus (profile), 4 Feb 2011 @ 6:46am

                Re: Re: Re: Re: Re: Re:

                "so who has more connections in the government than sony to make them get off their butt and prosecute probably not many people."

                If I am remembering correctly, anyone can walk in front of a grand jury and file as a private citizen. If the DA or prosecutor fails to follow through there is always the lawyers disciplinary board or committee.

                link to this | view in chronology ]

        • icon
          btr1701 (profile), 4 Feb 2011 @ 9:25am

          Re: Re: Re:

          > if it's in the user agreement that we "knowingly
          > grant authorization...."

          Just because I grant authorization at some point doesn't mean I can never revoke it.

          link to this | view in chronology ]

      • identicon
        Kurata, 3 Feb 2011 @ 6:33pm

        Re: Re:

        Considering you accepted the ToS, and other stuff, which apparently states that Sony has a right to access your system, this wouldn't apply as you implicitly agree to their accesses, thus giving them authorization.

        As such, the NY CLS Penal § 156.10 Computer trespass is void in this case.
        Then again, I do not know the value of silence in USA, but I know in France, this would mean agreeing to that line.

        link to this | view in chronology ]

        • icon
          Hephaestus (profile), 3 Feb 2011 @ 6:45pm

          Re: Re: Re:

          Think about it this way. If IBM removed the ability to run Windows and only allowed you to run Linux what would happen to them. The gaming system and the IBM are both just computers. Disabling the ability to run windows is the same thing SONY did.

          link to this | view in chronology ]

        • icon
          Hephaestus (profile), 3 Feb 2011 @ 6:46pm

          Re: Re: Re:

          Think about it this way. If Compaq removed the ability to run Windows and only allowed you to run Linux what would happen to them. The gaming system and the Compaq are both just computers. Disabling the ability to run windows is the same thing SONY did.

          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Feb 2011 @ 4:16pm

      Re:

      I hope your car forces you to connect to the internet to work.

      OBD-II

      You don't own the software remember?

      link to this | view in chronology ]

    • icon
      Marcel de Jong (profile), 4 Feb 2011 @ 2:54am

      Re:

      If you own the hardware, why then do these companies balk at the modchip industry? If it's my hardware and I want to mod it, I'm free to do so, right?

      link to this | view in chronology ]

  • identicon
    Anonymoose, 3 Feb 2011 @ 2:18pm

    Or that it's safer to jailbreak completely and use community-created firmware.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2011 @ 2:24pm

    There's actually NO proof whatsoever of this. If you read the original article carefully, you'll see that he only suggests and thinks, yet cannot prove it.

    Nice spin Mike. You labeled them guilty with no evidence whatsoever. Do you work for DHS?

    link to this | view in chronology ]

    • icon
      The eejit (profile), 3 Feb 2011 @ 2:35pm

      Re:

      No, but it doesn't look good, given Sony's history. Remember, the implication of wrongdoing is equally as bad to a brand as actual wrongdoing.

      Sony is essentially pissing away future customers, in order to get more money now. See how that's working for the bankers.

      link to this | view in chronology ]

    • icon
      crade (profile), 3 Feb 2011 @ 3:20pm

      Re:

      If you read *this* article carefully (or even carelessly), you'll see that "only suggests and thinks" is exactly what Mike says the original article does.

      link to this | view in chronology ]

    • icon
      illDecree (profile), 3 Feb 2011 @ 3:45pm

      forget the word 'suggest'?

      an analysis of the new PS3 firmware suggests that there's a rootkit in there


      did you miss the word 'suggests'? Mike wasn't at all making the accusation that there is, in fact, a root kit in the firmware.

      link to this | view in chronology ]

    • icon
      DJ (profile), 3 Feb 2011 @ 3:56pm

      Re:

      Hi TAM!

      link to this | view in chronology ]

  • identicon
    Justin Olbrantz (Quantam), 3 Feb 2011 @ 2:32pm

    Back Door

    "Rootkit" has a much more specific meaning than it's used for here. Rootkits hide things from or screw with the operating system in ways not intended by design, e.g. what Sony did in the past with music CDs. It's impossible by definition for the operating system or firmware itself to contain a rootkit, as all intended behavior is intended.

    The term people are looking for is "back door", which can be applied to makers of something giving themselves greater access to the thing than users are aware of or wish to permit.

    link to this | view in chronology ]

    • icon
      crade (profile), 3 Feb 2011 @ 3:05pm

      Re: Back Door

      A rootkit is just a type of backdoor that is used to get root access not authorized by the legimitate system admin. Hiding from the OS is generally assumed to be neccessary for a rootkit but only because it is assumed the OS is reporting to the admin, but what is actually important is to avoid detection and removal of the backdoor by the admin.

      link to this | view in chronology ]

    • identicon
      PRMan, 3 Feb 2011 @ 3:07pm

      Re: Back Door

      If they are installing hidden code that allows them to secretly do things on everyone's PS3 without the users being aware (except thanks to a hacker that discovered it), then it is a rootkit by your own definition.

      link to this | view in chronology ]

    • icon
      \r (profile), 3 Feb 2011 @ 3:42pm

      Re: Back Door

      Justin, I do believe that a root kit provides a method of access (typically a suite of tools and programs) to acquire elevated privileges regardless of where or where it may not presently reside in 'kit' form. A back door can be used to either directly access those privileges via a method prepared and lodged in code present on any given running system or otherwise accessed via less intrusive means as a kit in waiting in order to (attempt to) acquire said elevated privileges (side door) as such it is far from impossible for an OS or FW to contain (house) a (root) kits in waiting. Once you breach a system you'll often carry your kit in with you. Semantics do not always warrant evaluation but don't get it wrong when you do.\r

      link to this | view in chronology ]

    • icon
      DJ (profile), 3 Feb 2011 @ 3:58pm

      Re: Back Door

      I'm not exactly what you would call "tech savvy", so I had to look it up; and I seem to know more about it than you do. Odd.
      http://www.google.com/search?hl=en&rlz=1G1GGLQ_ENUS338&defl=en&q=define:Rootkit&am p;sa=X&ei=9jxLTbffFZDCsAOm-MDiCg&ved=0CBwQkAE

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Feb 2011 @ 4:33pm

      Re: Back Door

      This from a guy who complains on his blog that his parents are not happy about their new solar panels being bright white, only to later update that they were just seeing the reflection of clouds.

      link to this | view in chronology ]

  • icon
    zegota (profile), 3 Feb 2011 @ 2:52pm

    Yes, that ten-line IRC chat certainly proves it. -_-

    link to this | view in chronology ]

    • icon
      The eejit (profile), 3 Feb 2011 @ 3:36pm

      Re:

      No, it's not conclusive proof, but when you know that the new firmware is due out ina few weeks at most, it looks odd.

      link to this | view in chronology ]

  • icon
    btrussell (profile), 3 Feb 2011 @ 3:30pm

    "As you probably remember..."
    I will never forget!

    I always remind others too!

    sony owes me large.

    link to this | view in chronology ]

  • identicon
    blah, 3 Feb 2011 @ 3:35pm

    Not exactly a "rootkit"

    Seems like someone assigned the term "rootkit" arbitrarily here.

    What this code update appears to do (based on clicking a couple links and *reading*) is add the ability for PSN to execute some code on the PS3 at login time using this new fucntionality.

    I seems the idea is: if the code fails to run, an invalid response is returned to the server, and PSN fails the connection.

    In theory, something like that would prevent CFW circumvention of the new firmware while still allowing access to PSN, and Sony can change their payload regularly to prevent CFW from mimic'ing the response.

    This would also give them the ability to brick or blacklist hacked consoles in the future (which I would think anyone hacking their machine and trying to connect to PSN would expect to happen...)

    If you don't use PSN, I don't see the problem.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Feb 2011 @ 4:16pm

      Re: Not exactly a "rootkit"

      In other words, Sony is trying to make sure that only legal users of the consoles (unmodified) can play as part of their network. Seems very reasonable and not at all like a rootkit.

      Seems like we have the Masnick Effect going on again!

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2011 @ 4:23pm

        Re: Re: Not exactly a "rootkit"

        You should try editing the Wikipedia page again dude, people there didn't buy your excuses and deleted your additions :)

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 3 Feb 2011 @ 10:32pm

          Re: Re: Re: Not exactly a "rootkit"

          The wikipedia entry is valid, just Mike's minions keep removing the truth. That's why his bio is only a stub.

          link to this | view in chronology ]

          • icon
            teka (profile), 3 Feb 2011 @ 11:19pm

            Re: Re: Re: Re: Not exactly a "rootkit"

            that is right. Evil minions are out to get you and prevent you from spreading the truth.

            Mike also shoots brain-signals from his orbiting death station, so cinch that aluminum foil down Tight on your head and bedtime, ok?

            link to this | view in chronology ]

          • icon
            velox (profile), 4 Feb 2011 @ 12:45am

            Re: Re: Re: Re: Not exactly a "rootkit"

            "The wikipedia entry is valid"
            You obviously don't know anything about Wikipedia. It's very unlikely that anyone from TD removed your opinion from Mike Masnik's page. Unlike this place, you can't just say whatever you want on Wikipedia, because if it looks like you used unreferenced material, somebody will be around in about 15 minutes to clean out your trash.

            Every single bit of Wikipedia is supposed to be referenced from externally verifiable published material.
            You can't put in things you think are true.
            You can't put in the results of your own unpublished research, even if it is true.
            You can't put in opinions or personal attacks against living persons -- even if you really, really hate them, and even if they really, really are bad guys.

            And no, a link to a pseudonymous comment in a blog does not constitute a reputable source.

            link to this | view in chronology ]

    • icon
      G Thompson (profile), 3 Feb 2011 @ 7:53pm

      Re: Not exactly a "rootkit"

      Not so sure about The USA (Strange and basically non existant consumer laws) but for a company to knowingly "brick" a console that stops the console from working at all is both a criminal offence and tortous behaviour (civil wrong) in Europe and Australia/NZ

      Also the remote execution of code that suggests they are looking what is on the machine, which in the case of the PS3 has also the ability to store photos, audio, videos of ANYTHING the user creates or has rights to would in all likely come under scrutiny of high privacy laws, quiet enjoyment, and unauthorised access statutes (criminal and civil) especially in the EU.

      The EULA has no legal basis what so ever since you can not sign away your statutory rights in any contract, especially one that is highly unilateral.

      Sony have the ability to deny anyone access to their online network (PSN) for any legal reason since it is classified as their property space, though they do not have the right to deny anyone the use of their system in any other way that that user sees fit.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2011 @ 3:50pm

    How would someone (aside from Sony) use this to take over your PS3 without, say, hacking your router first?

    link to this | view in chronology ]

  • icon
    Mike Masnick (profile), 3 Feb 2011 @ 3:50pm

    Updated the post

    Good points by folks here and elsewhere about how calling this a "rootkit" might be a bit extreme. I've added an update to the post.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 3 Feb 2011 @ 4:18pm

      Re: Updated the post

      Good points by folks here and elsewhere about how calling this a "rootkit" might be a bit extreme. I've added an update to the post.

      The argument that it isn't a rootkit basically boils down to saying it isn't because Sony buried permission for themselves to do this in their terms and conditions. In all other ways it's a rootkit.

      link to this | view in chronology ]

      • icon
        Christopher (profile), 3 Feb 2011 @ 6:19pm

        Re: Re: Updated the post

        Agreed, Anonymous. The fact is that this is a rootkit by definition, whether or not the EULA (which almost no one reads AND has been declared unenforceable in several courts) says that Sony has the right to put this on your PS3.

        link to this | view in chronology ]

  • icon
    sehlat (profile), 3 Feb 2011 @ 4:03pm

    If it looks like a duck, and walks like a duck, and quacks like a duck...

    Then it's a rootkit. :)

    link to this | view in chronology ]

  • identicon
    sonyyoco, 3 Feb 2011 @ 4:13pm

    Suggestions that Sony has added a rootkit with the latest firmware update to its PS3 console have been denounced as bunkum by a leading gaming security expert.

    Rumours began flying on the interwebs earlier this week that the official 3.56 firmware upgrade for Sony's consoles gave the consumer electronics giant the ability to execute code on the PS3 as soon as a user goes online.

    Sony can use the technology to verify system files or to look for home-brewed games, it was suggested. More sinister still, it was warned, the code can be updated without further firmware updates.

    The more excitable elements of the gamer community as well as tech blogs and gaming sites cried foul over the move, with many describing it as the introduction of hidden "rootkit-style" functionality.

    But Chris Boyd, a security researcher at GFI Security who has studied the security of online games for several years, points out the development is not new since Sony wrote the ability for it to do remote updates into its terms and conditions since at least 2006.

    "It's been known for a while that a networked PS3 will contact Sony servers at start up (whether it has an active PlayStation network account on it or not), which performs various tasks related to error logs, updates and other activities," Boyd (aka Paperghost) told El Reg.

    Anyone using a PS3 agrees in the terms of service to allow their console to perform these tasks.

    Mark Russinovich found a rootkit in Sony CDs back in 2005, provoking a huge privacy outcry. This has led some enthusiasts and bloggers to suggest that history is repeating itself with the PS3 firmware upgrade.

    The PS3 firmware upgrade is nothing like as malign, argues Boyd, who has spoken on X-Box and online gaming security at several security conferences. "Comparing a last ditch attempt at blocking hacks and custom firmware to the truly dreadful CD rootkit is mind boggling."

    Sony bundled ill-conceived copy-protection on its music CDs that meant a rootkit was installed if they were played on Windows PCs. This created a vulnerability on affected machines later latched onto by malware writers. Sony withdrew the technology following an outcry.

    Comparing this to the PS3 firmware update misunderstands what has actually been done or the practical risks of the move, according to Boyd.

    "This is only really a concern if you're interested in modding - otherwise I'm not convinced there's a 'threat' as such," Boyd told El Reg. "I'm still waiting for someone to explain how this 'PS3 rootkit' could be used to run unsigned malicious code on a non-jailbroken box," he added.

    Sony recently earned the enmity of the gamer and security communities by suing hackers who figured out a way to run unsigned code on PlayStation 3 consoles without the use of a dongle. The blogiverse has been inclined to ascribe the worst possible motives to anything Sony has done with a console since, regardless of whether it's actually new or how what it's doing sits against other potential threats.

    Boyd, who has been vocal in criticising the lawsuits against the PS3 hackers such as geohot, nonetheless argues that gamers need to get a grip. "People will happily download homebrew from Basement Bob which could steal logins/credit card details, but code from the console maker is evil?"

    link to this | view in chronology ]

  • identicon
    sonyyoco, 3 Feb 2011 @ 4:13pm

    Suggestions that Sony has added a rootkit with the latest firmware update to its PS3 console have been denounced as bunkum by a leading gaming security expert.

    Rumours began flying on the interwebs earlier this week that the official 3.56 firmware upgrade for Sony's consoles gave the consumer electronics giant the ability to execute code on the PS3 as soon as a user goes online.

    Sony can use the technology to verify system files or to look for home-brewed games, it was suggested. More sinister still, it was warned, the code can be updated without further firmware updates.

    The more excitable elements of the gamer community as well as tech blogs and gaming sites cried foul over the move, with many describing it as the introduction of hidden "rootkit-style" functionality.

    But Chris Boyd, a security researcher at GFI Security who has studied the security of online games for several years, points out the development is not new since Sony wrote the ability for it to do remote updates into its terms and conditions since at least 2006.

    "It's been known for a while that a networked PS3 will contact Sony servers at start up (whether it has an active PlayStation network account on it or not), which performs various tasks related to error logs, updates and other activities," Boyd (aka Paperghost) told El Reg.

    Anyone using a PS3 agrees in the terms of service to allow their console to perform these tasks.

    Mark Russinovich found a rootkit in Sony CDs back in 2005, provoking a huge privacy outcry. This has led some enthusiasts and bloggers to suggest that history is repeating itself with the PS3 firmware upgrade.

    The PS3 firmware upgrade is nothing like as malign, argues Boyd, who has spoken on X-Box and online gaming security at several security conferences. "Comparing a last ditch attempt at blocking hacks and custom firmware to the truly dreadful CD rootkit is mind boggling."

    Sony bundled ill-conceived copy-protection on its music CDs that meant a rootkit was installed if they were played on Windows PCs. This created a vulnerability on affected machines later latched onto by malware writers. Sony withdrew the technology following an outcry.

    Comparing this to the PS3 firmware update misunderstands what has actually been done or the practical risks of the move, according to Boyd.

    "This is only really a concern if you're interested in modding - otherwise I'm not convinced there's a 'threat' as such," Boyd told El Reg. "I'm still waiting for someone to explain how this 'PS3 rootkit' could be used to run unsigned malicious code on a non-jailbroken box," he added.

    Sony recently earned the enmity of the gamer and security communities by suing hackers who figured out a way to run unsigned code on PlayStation 3 consoles without the use of a dongle. The blogiverse has been inclined to ascribe the worst possible motives to anything Sony has done with a console since, regardless of whether it's actually new or how what it's doing sits against other potential threats.

    Boyd, who has been vocal in criticising the lawsuits against the PS3 hackers such as geohot, nonetheless argues that gamers need to get a grip. "People will happily download homebrew from Basement Bob which could steal logins/credit card details, but code from the console maker is evil?"

    link to this | view in chronology ]

    • identicon
      TheStupidOne, 3 Feb 2011 @ 4:23pm

      Re:

      sonyyoco sued for copyright infringement and double posting in 3 ... 2 ... 1

      link to this | view in chronology ]

  • identicon
    sonyyoco, 3 Feb 2011 @ 4:19pm

    The hacking community's rational that their work is purely for homebrew purposes. "I mean, okay, that's their argument but they know the larger implication to the players who don't want that and the people who can now modify their game data."

    link to this | view in chronology ]

    • identicon
      Rekrul, 3 Feb 2011 @ 4:51pm

      Re:

      The hacking community's rational that their work is purely for homebrew purposes. "I mean, okay, that's their argument but they know the larger implication to the players who don't want that and the people who can now modify their game data."

      Yeah, you can't have just anyone writing games for your system or modifying existing games. Look at what a disaster that's been for computers. Oh wait...

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2011 @ 4:24pm

    I think it's quite funny that so many tech sites ran with this story considering it's based on the findings of one person. I would have at least waited until it had been confirmed by someone else before running it.

    Sensationalist headlines are more important than journalistic integrity these days I guess.

    link to this | view in chronology ]

    • icon
      harbingerofdoom (profile), 3 Feb 2011 @ 8:23pm

      Re:

      these days?
      its like you have just come out from whatever cave you have been living in for the past 30 years to come to this revelation.

      there have been hit songs written about this fact that are old enough to be on the classic rock stations...

      link to this | view in chronology ]

      • icon
        velox (profile), 4 Feb 2011 @ 12:56am

        Re: Re:

        30 years?? How about far longer than that.
        For a bit older example, Try the Spanish American War.

        link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Feb 2011 @ 4:28pm

    Ya know if your like me and don't buy crap from Sony, ya don't have to worry about rootkits and other sony crap.

    link to this | view in chronology ]

  • icon
    Mikael (profile), 3 Feb 2011 @ 5:07pm

    Did anyone actually read the source?

    I'm curious if anyone here actually read the source article (including Mike). From what I got out of reading it, this "rootkit" as it was put, it to enable Sony to be able to check your system to see if you're running custom firmware prior to connecting to the PSN. They even point out in the article that it's the same method Microsoft uses to id modded consoles so they can ban their MAC address.

    I'm all for hacking and modding, but you have to understand there are consequences to doing so with a console like this. I modded my original xbox so I could install emulators on it and copy my games to the hard drive for faster loading. I never got online with it so it didn't matter to me. Now, I don't see a need to mod my PS3 since the benefit to me outweighs the consequence. I don't like that Sony is able to execute this code each time I connect, but if all it's doing is making sure I don't have a modded console I'm fine with it. The first time I notice stuff missing from my system (including files stored on the drive), THAT's when I'll have a problem with it.

    link to this | view in chronology ]

    • icon
      Christopher (profile), 3 Feb 2011 @ 6:22pm

      Re: Did anyone actually read the source?

      There is no reason to just banned all modified consoles. They should look to see if someone's console is sending data that is 'strange' back to the servers (like they are being hit and it is not coming up as damage) in order to ban people.

      Not when they could be using custom firmware to do anything from backup up their legally bought games to enabling running from the hard drive without a disc in the drive to running homebrew software to various other things.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 3 Feb 2011 @ 7:23pm

        Re: Re: Did anyone actually read the source?

        Your idea is nice, but not workable. It would mean that the Sony staff would have to spend their life looking at every possible "abuse" and write code to try to block it. Talk about whack a mole.

        Instead, they do the wise thing: if you mod your console, if you are running odd programming, or if the version of the software doesn't match the real file size and requirements, then you are turfed. End of discussion. You can use your console as you want, you just can't use it on the PSN. You opted out.

        link to this | view in chronology ]

        • icon
          crade (profile), 3 Feb 2011 @ 8:31pm

          Re: Re: Re: Did anyone actually read the source?

          They are reneging on their promise to support other operating systems and are fraudulent and pathetic.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 3 Feb 2011 @ 10:35pm

            Re: Re: Re: Re: Did anyone actually read the source?

            No, they have realizes that allowing other operating systems creates a giant security hole, one that has to be fixed.

            If you want to use your PS3 with other operating systems, you cannot play online (because you must be upgraded). You have a choice.

            Sony is obliged to address security concerns, otherwise you would be reading on TD how Sony allowed hackers to take over your PS3.

            link to this | view in chronology ]

            • icon
              The eejit (profile), 4 Feb 2011 @ 12:19am

              Re: Re: Re: Re: Re: Did anyone actually read the source?

              Yuo obviously haven't been following the class action suit in the UK over Modern Warfare 2, about bugs and exploits online that haven't been fixed.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 4 Feb 2011 @ 1:21am

              Re: Re: Re: Re: Re: Did anyone actually read the source?

              Sony logic:

              People might be able to use their own property as they see fit = giant security hole

              link to this | view in chronology ]

            • icon
              crade (profile), 4 Feb 2011 @ 6:35am

              Re: Re: Re: Re: Re: Did anyone actually read the source?

              No, they are reneging on their promise either way. They promised both features, not one or the other.

              link to this | view in chronology ]

      • icon
        harbingerofdoom (profile), 3 Feb 2011 @ 8:30pm

        Re: Re: Did anyone actually read the source?

        completely unworkable. even with the current checks they do there are still plenty of people running modded code in order to enable cheats during online play.
        as someone that enjoys the multiplayer aspect of some games its pretty frustrating when you empty an entire clip into someone, get 8 to 10 registered hits and they just saunter up to you and knife you while you are stuck reloading. and this happens with all the current checks in place.

        im all for the idea that you own the hardware you bought, but im also all for the idea that if you mod it, you are willingly withdrawing yourself from online multi-player via official servers.

        and while i have a huge problem with sony, microsoft and nintendo going all legal on those who have modded their hardware, i have no issue at all with any of them banning consoles. especially since its in the TOS that modded equipment is not allowed to connect.

        link to this | view in chronology ]

  • icon
    crade (profile), 3 Feb 2011 @ 8:26pm

    "this isn't really a rootkit, and that the story has been blown out of proportion. Reading through the details suggest this is absolutely a possibility."

    Basically what they seem to say is there is no (known) security vulnerability such that people other than Sony can take over your machine, and Sony taking over your machine is "fine" since Sony forced everyone to agree to giving Sony control over their machine in their Terms of whatever agreement. I still don't get how anyone takes those "agreements" that are done under duress after money changed hands and without any form of understanding or consent seriously. I sure as hell don't. So my baby cousin pushed the X button on the stupid controller while some moronic demands were up there. Big whoop.

    link to this | view in chronology ]

    • icon
      Christopher (profile), 3 Feb 2011 @ 11:57pm

      Re:

      Some judges agree with you about that. There have been rulings in Maryland, Delaware and New Jersey in the past that have voided EULA's and said, basically, that a EULA is unenforceable unless it can be read BEFORE you open the box that something comes in and return the thing immediately if you don't like the EULA.

      link to this | view in chronology ]

      • icon
        crade (profile), 4 Feb 2011 @ 6:45am

        Re: Re:

        I'm still waiting for someone to put "you agree to pay us 40 million$" in their "agreement" and try to enforce it when 90% of their customers "agree".

        link to this | view in chronology ]

  • identicon
    Lee, 4 Feb 2011 @ 5:28am

    Falsehoods

    When you run FALSE stories like this, it reflects badly on your other journalism and makes me doubt your integrity.

    link to this | view in chronology ]

    • icon
      Shadojak (profile), 4 Feb 2011 @ 5:45am

      Re: Falsehoods

      Jeezus, no one can read anymore.

      And Just for your consideration...WHY are you renting a PS3?

      Since, according to their logic, you don't own it.

      You are just responsible for the repair costs it might need.

      But if you want to play PS3 games, you must rent it from them, on a longterm basis.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Feb 2011 @ 5:37am

    SONY : Once a corrupt company always a corrupt company.

    STOP BUYING SONY PRODUCTS OR THEY WILL NEVER GO AWAY AND GET THE HELL OUT OF MY PURCHASED PRODUCTS.

    ROOTKITS ON AUDIO CDS
    ROOTKITS ON DRM - SECUROM

    THIS COMPANY IS SHADY, ANYONE DOING BIZ WITH THEM DESERVERS WHAT THEY GET SINCE IT HAS BEEN KNOWN SINCE 85 THAT THEY HAVE NO RESPECT FOR THEIR CUSTOMERS.

    BOYCOTT SONY!
    BOYCOTT SONY!
    BOYCOTT SONY!
    BOYCOTT SONY!

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.