F-SECURE AND THE PLAYSTATION END USER SECURITY

Member

F-SECURE AND THE PLAYSTATION END USER SECURITY

My first question is about F-Secures involvement with SCEA.  Is this still an ongoing partnership or was this simply for the PSN hacks of last year?

 

The reason I ask is there seems to be a new exploit on the PS3.  The private keys for the base layer of the hardware 'Lv0' has been dumped and accessed.  This means illicit users now have, what is being deemed as the hack to end all hacks on the PS3, full access to the private keys used for encryption at all other levels of the system.  This includes the PSN passpharse.  Its also given the ability to 'emulate' the PS3 on a PC, as well as connect to the PSN WITHOUT a running PS3, to include even an emulated PS3.  And strangely enough, much like SCEA's failure to promptly inform their consumers (on the PSN via the TOS) last year; they have yet to comment on this.  This is something that has been PUBLICLY available for over 80+ weeks in methodology and the actual keyset for Lv0 has been PUBLICLY available for over two weeks now.  Playstation Consumer Services seems to be FULLY unaware of this exploit as well, at least what they 'seem' to know... But Iv had to work with Nolan Hass to get the now existing privacy settings for the PSN message system for over four years... With much frustration as to why he could not understand the importance of.

 

Can anyone enlighten us here so we can carry this message to other areas of support for the PS3?

 

Here are a couple of links to verify that this is available:

 

PSN Biggest Hack Yet

Hackers Expose Sony's PS3 Again

Hackers leak PlayStation 3 decryption keys

7 REPLIES 7
Senior Member

Re: F-SECURE AND THE PLAYSTATION END USER SECURITY

Hello Everyone and I have been dealing with Hacking and Malware problems for a very long time seeking help from F-Secure. I believe my PS3 may have been compromised aka Hacked what can I do? I have done a complete system reinstall and low level format and wipe. Then it seems like this infection just comes back. I purchased the Trend Micro solution right away because I had no choice for any protective measure except for a good router/firewall and that is it. If anyone has any ideas or advice please help me out. I talked to Sony and they want me to send it out for repairs for 124.00 and I am trying to tell them that I never physically damaged the united and kept it in a cool HEPA cleaned environment unlike the rest of my house. I got no dice. Anyone with any advice please help because I need to plug the hole somewhere even if I get the  PS3 fixed.

 

Thank You So Very Much,

RIch W

"All that is necessary for the triumph of evil is that good men do nothing." (Edmund Burke)
Former F-Secure Employee

Re: F-SECURE AND THE PLAYSTATION END USER SECURITY

Hi guys!

I will get someone from F-Secure to reply to you!

 

Thanks you for your comment and feedback.

Cheers!
ElseH
F-Secure Community Manager

Has somebody helped you? Say thanks by giving kudos.
Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
F-Secure

Re: F-SECURE AND THE PLAYSTATION END USER SECURITY

Hi there.

 

F-Secure has no partnership with SCEA. 

 

We've covered the PSN Hack here:

http://www.f-secure.com/weblog/archives/00002148.html

 

and the lv0 key leak here:

https://twitter.com/mikko/status/260827290404020224

 

We don't expect to see any particular hacking activity on Playstation3s because of this. People will just be able to root their devices easier.

 

All the best,

Mikko

Find me as @mikko on Twitter
Former F-Secure Employee

Re: F-SECURE AND THE PLAYSTATION END USER SECURITY

Thanks Mikko for your reply!

 

Has somebody helped you? Say thanks by giving kudos.
Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.
Highlighted
Senior Member

Re: F-SECURE AND THE PLAYSTATION END USER SECURITY

Thanks for the reply. It seems my PS3 got hacked and hit anyway. Since Sony does not give your restore Discs and their solution is a browser based joke internet solution. I am going to have to Pony up the 124.00 for the repair and regain the "It does everything experience." I really wish I lived in Finland right now. I would give you guys the unit for free and say here who ever it was find them and keep the PS3 for free. Thanks again for the reply. Sincerely, Rich

"All that is necessary for the triumph of evil is that good men do nothing." (Edmund Burke)
Member

Re: F-SECURE AND THE PLAYSTATION END USER SECURITY


@MikkoHypponen wrote:

Hi there.

 

F-Secure has no partnership with SCEA. 

 

We've covered the PSN Hack here:

http://www.f-secure.com/weblog/archives/00002148.html

 

and the lv0 key leak here:

https://twitter.com/mikko/status/260827290404020224  -OUTDATED AT THIS PONT

 

We don't expect to see any particular hacking activity on Playstation3s because of this. People will just be able to root their devices easier. -the exploit is decrypting the PSN Passphrase granting termnail access to the PSN.  This suggests more than just HW root-ing.

 

All the best,

Mikko



Mikko,

 

First off, Im gald you are not partnered to them.

 

Maybe your not following things like some of us users who dont have money to spend on PS3, after PS3, and dont want to see our content breached, espcecially since Iv put more than $1500 into my SCEA console and DLC.  However, are you aware that illicit usres are now using homemade apps to FULLY operate their PS3 via their PC's?

 

Personally, I spend my time in research like this to block COD cheaters at the router level; since neither SCEA nor ATVI are dealing with the fact of how the cheating is done, or piggybacked.  Im tired of doing their job, so please do some research on my 'handle' to find this one out.  While Im discusted SCEA blamed GeoHotz for the removal of 'Other OS' functonality; being the real reason was they felt it was costing the Consumer Services Division to much money on users calling in for 'Other OS' support, I have NEVER used anything but Official SCEA Firmware.

 

Do you understand that illicit users now have COMPLETE access to decrypt the PSN Passpharse; this key is exchanged between my hardware and the PSN when I sign in?  Its allowing them to log into the PSN via terminal commands, which opens up en entire new avenue for ANYONE investigating CFW techniques as they can now start testing command after command til they exploit the PSN once again.  To not understadn this is to COMPLETLY under estimate the knowledge of those after our information.

 

As well, SCEA's most recent statment deals with them banning anyone they 'catch' with illicit frimware.  Are you aware they (illicit users) are now unbanning consoles that have been banned for years?  They have a tool that not only changes their hardware ID codes/values, but 'hide' the login information so they can use the same profile... EVEN THOUGH TO SCEA IT IS BANNED.  You do know how to use a search engine, right?

 

I appreciate you covering that you no longer are working with SCEA in these effects, and for the sake of your companies name you probably shouldnt.  Again they have failed the consumer in their promise to keep us as informed as possible yet this has been out for a bit now and they just barely commented yesterday.  I will guess that F-Secure would do their best to not operate their own company as such and understand what an absolute disgrace this is to those of us called PS3 Consumers.

Senior Member

Re: F-SECURE AND THE PLAYSTATION END USER SECURITY

Thank you Mikko I appreciate your reply and especially you explaining the situation. What happened to me is who knows is with my PS3. If it was hacked or what ever happened, Thanks again Mikko. Sincerely, Rich Walston

"All that is necessary for the triumph of evil is that good men do nothing." (Edmund Burke)