Author Topic: PS3 security is "epic fail"  (Read 19451 times)

Offline Piru

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • http://www.iki.fi/sintonen/
Re: PS3 security is "epic fail"
« Reply #29 on: December 30, 2010, 08:09:08 PM »
Quote from: olsen;602922
Yes, you are correct. I just watched the last 15 minutes of the presentation, and this looks as bad as it gets. The Sony designers certainly ticked all the right boxes and threw the right algorithms at the task (anybody not using ECC and AES these days?), but what did them in was likely a trivial programming error in the code that was supposed to supply proper cryptographic random numbers to the ECC implementation.
Actually I don't believe it to be an error per se. They just failed to realize that "random number x" actually meant "new random number x every time", while elliptic curve crypto documentation is quite clear about it. This is the epic part in the fail.

Quote
Makes you wonder whether the crypto was properly reviewed by a separate team, or if the same guys who wrote it also reviewed and "certified" it. My guess is that it's probably the latter. With that much at stake (Blu-Ray security, PSN security, etc.), this is exactly the kind of process you must not scrimp on. But it happens all the time, even for organizations which ought to know better.
Indeed. Bruce Schneier summarized it pretty well: http://www.schneier.com/essay-028.html

I personally would never even imagine trying to build my own crypto. It's just too easy to fail. I'm perfectly happy to use ready to use and proven solutions such as things provided by openssl.

Here's another recent crypto failure:
HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently
(well not that recent as it was predicted ages ago that the thing was broken... oh, no one listened)

And here's one somewhat older (well newer really;)) case that was really serious:
Debian OpenSSL Predictable PRNG Toys
« Last Edit: December 30, 2010, 08:16:54 PM by Piru »
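
The "new random number every time" requirement from the post above, turned into a check a signing pipeline could run over its own output (an added example, not part of the thread or any poster's code). In ECDSA the r half of a signature is computed only from the per-signature random number, so one key emitting the same r with a different s means that number was reused. Key ids, labels and signature values below are constructed.

```python
from collections import defaultdict

def _tlv(buf, i, tag):
    """Read one DER element with the given tag at buf[i]; return (content, next index)."""
    if i + 2 > len(buf) or buf[i] != tag:
        raise ValueError("unexpected or truncated DER element")
    length, i = buf[i + 1], i + 2
    if length == 0x81:                      # one-byte long form (P-521 sized signatures)
        if i >= len(buf):
            raise ValueError("truncated DER length")
        length, i = buf[i], i + 1
    elif length >= 0x80:
        raise ValueError("unsupported DER length")
    if length == 0 or i + length > len(buf):
        raise ValueError("truncated DER content")
    return buf[i:i + length], i + length

def parse_ecdsa_der(sig):
    """Parse SEQUENCE { INTEGER r, INTEGER s } and return (r, s)."""
    body, end = _tlv(sig, 0, 0x30)
    if end != len(sig):
        raise ValueError("trailing bytes after SEQUENCE")
    r, i = _tlv(body, 0, 0x02)
    s, i = _tlv(body, i, 0x02)
    if i != len(body):
        raise ValueError("trailing bytes after s")
    return int.from_bytes(r, "big"), int.from_bytes(s, "big")

def find_reused_nonces(records):
    """Return {(key_id, r): [labels]} where one key reused r with different s."""
    by_r = defaultdict(dict)                # (key_id, r) -> {s: first label seen}
    for key_id, label, der in records:
        r, s = parse_ecdsa_der(der)
        by_r[(key_id, r)].setdefault(s, label)
    return {k: sorted(v.values()) for k, v in by_r.items() if len(v) > 1}

def der_sig(r, s):
    """Encode (r, s) as DER; only used to build the constructed sample."""
    def enc(x):
        b = x.to_bytes((x.bit_length() + 8) // 8, "big")  # spare top bit keeps it positive
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body

SAMPLE = [  # constructed values, not real signatures; key ids and labels are hypothetical
    ("key-A", "pkg1", der_sig(0x1234ABCD, 0x1111)),
    ("key-A", "pkg2", der_sig(0x1234ABCD, 0x2222)),       # same r, different s: reuse
    ("key-A", "pkg1-copy", der_sig(0x1234ABCD, 0x1111)),  # identical signature: ignored
    ("key-A", "pkg3", der_sig(0x9999FFFF, 0x3333)),
    ("key-B", "pkg4", der_sig(0x1234ABCD, 0x4444)),       # other key: outside this per-key check
]
```

An identical (r, s) pair is not flagged because a deterministic-nonce signer (RFC 6979) legitimately produces the same signature when it signs the same message twice.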
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #30 on: December 30, 2010, 08:36:58 PM »
Quote from: Piru;602926
Actually I don't believe it to be an error per se. They just failed to realize that "random number x" actually meant "new random number x every time", while elliptic curve crypto documentation is quite clear about it. This is the epic part in the fail.

That could have been a case of "cookbook programming": 1) find a working, documented implementation of the algorithm and deploy it, 2) ..., 3) profit!

Bruce Schneier at one point came to regret writing his landmark book "Applied cryptography" because it led programmers to believe that the magic was in the algorithms, and not in how they were deployed.

Quote
Indeed. Bruce Schneier summarized it pretty well: http://www.schneier.com/essay-028.html

It's right on the money.

Quote
I personally would never even imagine trying to build my own crypto. It's just too easy to fail. I'm perfectly happy to use ready to use and proven solutions such as things provided by openssl.

We may never know how Sony came to choose the technology they deployed. Organizations of that scale usually learn only from failure, and there haven't been that many security tech failures originating from within Sony, unless I'm mistaken (I would not consider the CD "root kit" debacle to be a comparable security failure: it "only" compromised the security of the consumer, but not the security of the manufacturer).

Microsoft had the opportunity to learn from the XBOX security hacks, but Sony's previous console was not as technically complex as the XBOX. So Sony could not build upon an existing design and iterate.

I guess that because Sony started over from scratch for the PS3, it led to the security design being developed from scratch, too, with no references to existing similar designs. They may have rejected traditional, proven technology (old-fashioned RSA/DSA, etc.) because of how their product development process works. It would not surprise me at all if this is how it went down.

Quote
Here's another recent crypto failure:
HDCP 'master key' supposedly released, unlocks HDTV copy protection permanently
(well not that recent as it was predicted ages ago that the thing was broken... oh, no one listened)

I think I remember that the researcher who discovered the issue was either bought off or silenced. Intel probably calculated how much they had already invested into the technology and decided that "security through obscurity" would likely give them enough time to recoup the investment and make enough money on it before the next generation of the interface would go to market. In a way, this paid off, didn't it? We probably would still be waiting for affordable flat screen displays and TVs to become available if Intel hadn't stepped in and standardized the connector technology.

Quote
And here's one somewhat older case that was really serious:
Debian OpenSSL Predictable PRNG Toys

Yup, that one was ugly and epic, too :(
« Last Edit: December 30, 2010, 08:39:42 PM by olsen »
 

Offline actung_bab

  • Hero Member
  • *****
  • Join Date: Oct 2006
  • Posts: 650
Re: PS3 security is "epic fail"
« Reply #31 on: December 30, 2010, 09:12:55 PM »
Quote from: Piru;602920
Actually currently you need to hack the PS3 with the USB dongle. This will change once the disc keys (and any other keys that might be needed) have been recovered. Later on this should change, however.
This is true but a waste of time. Not that I would, but you would not be able to log on to play online or go on the PlayStation Network, as you need to have a much earlier version of the PlayStation 3 firmware.
Acthung baby
http://telnet://midnight-blue.dyndns.org
Cnet 4.60 PRO bbs software
Amiga 1200 020 14 mhz mbz 1200 z pcmcia network card 4 meg ram 2 Gb scandisk cf
Amiga 2000 020
Amiga 4000 030 25 mhz broken
Amiga x 4 1200
x 6 Sony PS3 Original 60 GB 4 port USB 160 GB HD (OS 4.1 ready :-)
what can I say, I like these machines
x 3 XBOX 360 1x xbox 360 slim
 

Offline hardlink

  • Hero Member
  • *****
  • Join Date: Sep 2006
  • Posts: 586
Re: PS3 security is "epic fail"
« Reply #32 on: December 30, 2010, 09:54:19 PM »
I misread the title as "PFS3 ...", which I would have found a lot more interesting.
 

Offline Matt_H

Re: PS3 security is "epic fail"
« Reply #33 on: December 30, 2010, 10:04:32 PM »
Quote from: pyrre;602925
And this all happened because Sony wanted to stop Linux, and by doing so pissed off hackers. :D
Some top boss in Sony is probably taking his hat and leaving the company by now...


This proves that they need a new business model. At launch, Sony was taking a loss on every console sold and attempted to profit on software. I imagine that's still the case  - if they're selling heaps of consoles with no software to go with them, they're in trouble. They've been able to curtail this customer behavior with DRM nonsense and legal threats, but now the floodgates are open.

I'm not usually one to unquestioningly espouse the philosophy that the free market is always right, but in this case, it is.

Sony needs to learn how to respond to consumer demand and how to make a profit on hardware. The result would be a win-win.
 

Offline A1260

  • Hero Member
  • *****
  • Join Date: Jul 2007
  • Posts: 693
Re: PS3 security is "epic fail"
« Reply #34 on: December 30, 2010, 10:35:00 PM »
When copied games can be run, console sales go up. Watch the PS3 sales now......
 

Offline Tension

Re: PS3 security is "epic fail"
« Reply #35 on: December 31, 2010, 01:01:07 AM »
Quote from: A1260;602959
When copied games can be run, console sales go up. Watch the PS3 sales now......


Which is bad for Sony, ironically.

At least I have water!

Offline Tension

Re: PS3 security is "epic fail"
« Reply #36 on: December 31, 2010, 01:20:46 AM »
Quote from: nicholas;602773
Self signed homebrew is now possible after the PS3's private keys have been cracked.


This is a family-friendly forum.  You have received an infraction.

Offline ciento

  • Jr. Member
  • **
  • Join Date: Jan 2010
  • Posts: 88
Re: PS3 security is "epic fail"
« Reply #37 on: December 31, 2010, 01:36:02 AM »
Quote from: pyrre;602925
And this all happened because Sony wanted to stop Linux, and by doing so pissed off hackers. :D
Some top boss in Sony is probably taking his hat and leaving the company by now...
When I first read sony was ending otheros, I thought it would take around 3 months of rage coding for the hackers to enter the deathstar, and now, they're in,
and teams are rampaging their way to the bridge, and control rooms. :hammer:

Guys leaving such huge corporations sometimes have a greatly reduced
carbon footprint. :lol:
 

Offline Tension

Re: PS3 security is "epic fail"
« Reply #38 on: December 31, 2010, 01:47:00 AM »
Sony, I Am Disappoint!

Offline KThunder

  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 1509
Re: PS3 security is "epic fail"
« Reply #39 on: December 31, 2010, 02:03:53 AM »
Quote from: Matt_H;602952
This proves that they need a new business model. At launch, Sony was taking a loss on every console sold and attempted to profit on software. I imagine that's still the case  - if they're selling heaps of consoles with no software to go with them, they're in trouble. They've been able to curtail this customer behavior with DRM nonsense and legal threats, but now the floodgates are open.

I'm not usually one to unquestioningly espouse the philosophy that the free market is always right, but in this case, it is.

Sony needs to learn how to respond to consumer demand and how to make a profit on hardware. The result would be a win-win.


+1

Problem is though Sony won't learn; past Sony brushes with DRM trouble show that. Neither will any of the other companies. What they will likely do is lock things down even tighter, which won't help.
Oh yeah?!?
Well your stupid bit is set,
and its read only!
(my best geek putdown)
 

Offline fishy_fiz

  • Hero Member
  • *****
  • Join Date: Jan 2005
  • Posts: 1813
Re: PS3 security is "epic fail"
« Reply #40 on: December 31, 2010, 05:55:07 AM »
I didn't read all the threads, but "epic fail" seems a bit extreme to me :) All consoles do and will get hacked at some point. There's enough clever people out there with an interest in cracking console security, just for the challenge and notoriety to make sure of that. The fact that it's taken so long I'd actually consider quite a success in this day and age. Having said this though, other than through my general video game interest I have no major investment in what happens with PS3 anyway 'cos I don't have one  :)
Near as I can tell this is where I write something under the guise of being innocuous, but really its a pot shot at another persons/peoples choice of Amiga based systems. Unfortunately only I cant see how transparent and petty it makes me look.
 

Offline jj

  • Lifetime Member
  • Hero Member
  • *****
  • Join Date: Feb 2002
  • Posts: 4051
  • Country: wales
  • Thanked: 2 times
  • Gender: Male
Re: PS3 security is "epic fail"
« Reply #41 on: December 31, 2010, 09:49:05 AM »
Yes, but usually the hacks are chips or some other hardware mod, or causing an overflow so you can run your own code to take over.
 
All this is done so you can run un-signed code on the machine.
 
This is different, this will enable people to run their own code on an un-modified PS3.
 
This is an epic fail.
“We don't stop playing because we grow old; we grow old because we stop playing.” - George Bernard Shaw

Xbox Live: S0ulA55a551n2
 
Registered MorphsOS 3.13 user on Powerbook G4 15"
 

Offline olsen

Re: PS3 security is "epic fail"
« Reply #42 on: December 31, 2010, 10:04:29 AM »
Quote from: fishy_fiz;602988
I didn't read all the threads, but "epic fail" seems a bit extreme to me :)

The term was used by the researchers who presented it at the 27C3. I've just seen the entire presentation, and I can understand why they called it "epic fail".

The security system used by the PS3 is layered, so in theory an adversary would have to break down each layer for the whole system to be compromised. But as the presentation showed, the layer design is either bungled (e.g. the media encryption, the code signing), effectively irrelevant to security (e.g. the Hypervisor, the crypto functions of the dedicated security processor) or so brittle that there is no defense against compromised components (e.g. the bootstrapping process).

A lot of effort went into implementing these security measures, but taken as a whole their effectiveness is reduced to security by obscurity, which is shocking if you are familiar with the technology. This ought to have been designed and implemented much better.

What is "epic" about the whole affair is how much effort Sony spent on this product, how long it took to become marginally profitable, how long Sony plans to keep this product alive, and yet how little leverage is required to undo these efforts. Feet of clay, etc.

Quote
All consoles do and will get hacked at some point. There's enough clever people out there with an interest in cracking console security, just for the challenge and notoriety to make sure of that. The fact that it's taken so long I'd actually consider quite a success in this day and age.

Actually, how the security system came apart is what makes it an "epic" failure. It did not withstand the attacks because of its resilient architecture: there is no resilience where it would have mattered. It withstood the attacks because of the security by obscurity principle. That is not a success because the barn door is wide open by now. As they say, attacks only get better over time, they never get worse.

All the PS3 devices Sony sold up until now are vulnerable to the kind of exploit that would hurt Sony's business: pirated games. And it may not take long for the exploit to get "better" in that the security of the Blu-Ray device could be compromised. Which would hurt Sony, too, since they pretty much control this technology and benefit from the byzantine technology licensing scheme.

The kind of security Sony's engineers tried to implement in the PS3 can only succeed in buying time before a successful security compromise will have a noticeable impact on the market which the device was created for. What is shocking about the security failure presented at 27C3 is both in how inadequate the security architecture of the platform actually is, and in how little time it actually bought Sony. They have barely succeeded at making the PS3 profitable, and the jury is still out on whether the Blu-Ray platform will ever be profitable before other technology succeeds in eclipsing it (e.g. online streaming).
« Last Edit: December 31, 2010, 10:24:09 AM by olsen »
 

Offline dammy

  • Hero Member
  • *****
  • Join Date: Nov 2002
  • Posts: 2828
Re: PS3 security is "epic fail"
« Reply #43 on: December 31, 2010, 11:44:11 AM »
Quote from: nicholas;602773
Self signed homebrew is now possible after the PS3's private keys have been cracked.

AROS for PS3 anyone? :D

http://psgroove.com/content.php?581-Sony-s-PS3-Security-is-Epic-Fail-Videos-Within&


I guess we will also see the calls for OS4 to be ported now that the PS3 has been cracked? ;-)
Dammy

https://www.facebook.com/pages/Arix-OS/414578091930728
Unless otherwise noted, I speak only for myself.
 

Offline ciento

  • Jr. Member
  • **
  • Join Date: Jan 2010
  • Posts: 88
Re: PS3 security is "epic fail"
« Reply #44 from previous page: December 31, 2010, 11:45:08 AM »
Quote from: olsen;603004
The term was used by the researchers who presented it at the 27C3. I've just seen the entire presentation, and I can understand why they called it "epic fail".
.
:lol: By removing otheros, sony poured gasoline on themselves,
then challenged the linux coders to a duel using flamethrowers. :roflmao:
Can't get much more epic than that!