Hackers Describe PS3 Security As Epic Fail, Gain Unrestricted Access

by Mike Bendel December 29, 2010 @ 11:19 am


Prominent hackers Bushing, Marcan, and Sven took the stage at this year’s annual Chaos Communication Congress (27C3) to showcase their latest underground efforts on PS3. The trio describe Sony’s security measures as an ‘epic fail,’ pointing to the botched implementation of ECDSA. Apparently, the so-called ‘random’ number used to create the private key is always static.

What does this mean for you, the end-user? Well, it means that homebrew devs can essentially sign their own applications. The keys generated are every bit as valid as Sony’s own official signatures. Full control means custom firmware is within grasp. What’s more, the feat is valid for all current firmware up to 3.55 and possibly beyond.

We’ve embedded a video after the break highlighting the key segments of this talk. While a workable implementation of the hack has yet to be released, the team promises it is coming soon. In the meantime, they’ve launched a website aptly dubbed fail0verflow.