The Chaos Communication Congress is an international hacker conference organized every year by the Chaos Computer Club of Germany. Every year, hacker teams and security analysts discuss the latest vulnerabilities, exploits and security enhancements for a variety of devices and networks. The 27th Congress (27C3), dubbed "We Come in Peace", has been going on in full flow and has attracted the best minds in the field of computer security.
One of the biggest announcements came today from the hacker group fail 0verflow who, in effect, have completely taken control of the "unhackable" (until a few months ago) Sony PlayStation 3. While many alternatives exist to hack the PS3, the hackers at the conference dropped a bomb on Sony by showing how botched the security on the PS3 actually is and how anyone can exploit this vulnerability with ease.
The Specifics: Apparently the "random" number used to create every private key on the system is actually a constant number on all retail PS3s. In coding, random numbers are usually "seeded" for the random number generation algorithm, i.e. the origin of any random value can be anything from the current time and date to the position of the mouse pointer in the X and Y coordinate system. Thus, it is well nigh impossible to calculate any randomly generated number simply because of its chaotic origin. However, the (rather hippy) fail 0verflow hacker showed that, through complex math, the private key can be calculated from the static number.
What this means: The most promising consequence is dongle-less jailbreaking, similar to the PSP's homebrew enabling software, as a coding exploit can utilize this piece of information and give the user complete control of the console.
What the future holds: Fail 0verflow have said that their primary goal is to make all PS3s run Linux. While the legacy (80GB) PS3s had this functionality, it has since been withdrawn by Sony. Fail 0verflow have said that their project in no way involves piracy. Nevertheless, it is very likely that their exploit will be used for pirating games eventually. Since this breach of security is huge and so intricately intertwined with the innards of the PS3 firmware, it will be difficult for Sony to patch this up.
The three video presentations by fail 0verflow are embedded below.