As the COVID-19 lockdown forced people to stay home more than usual, an increasing number started looking for in-house entertainment. People have been playing their old Gameboys, finishing games from Steam sales, or even starting to look into ways to play games on their PlayStations for free.
Even a novice can find information on how to jailbreak their PlayStation, but would that lead them into danger from threats? With this question in mind, we set out to gain an understanding of the threats that affect non-technical and/or naïve users who act outside of the Playstation Network (PSN), the official PS user ecosystem.
Custom firmwares and jailbreaks make up the largest, most propagated, and visible part of the PS hack scene. Less ethical users often attempt to find a way to play games for free, and that’s how most custom firmwares are installed. PlayStation is a non-general-purpose computing system (gaming console), and because of that, Sony wants to protect it from any unauthorized usage, including custom firmware installation.
In this situation, unauthorized usage means arbitrary code execution, especially in the case of freely downloaded games. Sony includes a code signing mechanism to prevent that. We won’t dive deep into technical details; it’s enough to say that official firmware allows users to run only games bought on PSN and is protected from being rewritten. Escaping from these restrictions is called jailbreaking. Jailbreaking a device is considered (by Sony) to be illegal, as it allows users to install custom firmwares and run pirated games.
When people install custom firmware in order to have more functionality (or, in this case, to get free games), they put the security of their PlayStation at risk. Moreover, because PlayStation is in the local network, they put their whole smart home at risk.
PlayStation’s firmware is just like any other operating system, such as the one on your laptop or PC. If someone tampers with the firmware, they can gain control of the device. For example, they could make the device part of a botnet or use it to scan and attack other devices inside the network. Because there are no security clients for PS3, it’s nearly impossible to detect such activities. To stay protected, you would have to use a security solution that run on the network level, like Avast Omni.
As an example of custom firmware, here is one of the oldest, in-game projects: A REBUG project (latest firmware from them dated October 2019):
They focused on PS3 consoles, probably because there is still no robust exploit for the latest models of PS4, which we discuss further below.
Proving that certain custom firmware contains malicious code — or, on the other side, is clean — was not our goal. Also, we’re not trying to scare you by saying that any custom firmware is malicious (that’s definitely not true). What we are trying to do is to show you security threats that are in place when you install non-official firmware.
To illustrate this, we built our own custom firmware for PS3 and tried to introduce code of our choosing. Again, as this is an overview we will not dive deep into technical details. But for PS3, it was a simple procedure, since there is a publicly available tool for creating custom firmware
Notice the “interesting” functionality of this firmware builder, demonstrated in the screenshot:
An author can add any package to the system. To be clearer – “any package” means any program, like a botnet client, cryptocurrency miner, backdoor for manual access, and so on. Of course, it doesn’t necessarily mean that any custom firmware contains malicious software. This tool is designed for building firmware which can give unique user experiences. It’s similar to creation of custom Linux distributions: One author believes it’s better with a KDE desktop, and the other hates KDE and uses LXDE – nothing malicious in either case, but different software.
In other words, if the author wants to create infected firmware, it’s possible and not hard to do. Additionally, the PlayStation ecosystem is not hack- and threat-free. For example, there’s the well-known malware PSPBrick – http://wololo.net/2015/03/26/the-malicious-code-hackers-put-in-their-software/
The current version of PS4, with the latest firmware, however, is safe from these kinds of jailbreaks. The reason is simple – there’s no “good” exploit yet that can provide a robust jailbreak on the latest models with the latest version of firmware onboard. The latest jailbreakable firmware is version number 5.07, which you can still buy on eBay: https://www.psxhax.com/threads/locating-a-jailbreakable-ps4-5-05-5-07-firmware-console-in-2019.7130. The latest publicly available hack is https://www.exploit-db.com/exploits/47893, an exploit for WebKit which worked on 6.xx versions of the firmware. However, this exploit didn’t allow end users to run pirated games.
Of course, reverse engineers and exploit developers are surely working on it and it’s probably a question of time before the current firmware for PS4 is exploitable too. However, at the moment of writing this paper, the main threat for pirated-games-hungry users is a phishing campaign, targeting the high desirability of PS4 jailbreaks. We discovered several videos and text guidelines that explain how to install custom firmware on any PS4 console with just two clicks. Each guideline ends up with a request to send an SMS and/or run some program on your PC. For example, look at https://psxexploits.com/ps4-jailbreak-exploit-cfw/, a well-crafted story that promises you a 7.50 jailbreak:
A naive user might be duped into entering their email and regional information, as shown below:
Next, the user will be presented with a promising page, with “3 exploited firmwares found” and asked for a payment:
Here’s another example of a phishing campaign:
Of course we block each of these phishing websites:
PlayStation is fun — but, like all technologies, it comes with risks. Use the console the way you’re supposed to use it and you should be protected from malware and phishing campaigns. If you don’t, you’re potentially putting your identity, privacy and security — and the identity, privacy, and security of everyone in your home — at risk.
IoC Links: