Jailbreaking PS3s is a security risk
A PS3 hacker has made some as yet unverified claims that Sony is spying on PS3 users. Apparently they can check all sorts of information about device usage, including USB attachments and even what kind of TV you are using. Worse still, is the allegation that Sony is storing credit card information online as an unencrypted text file.
There are even claims that Sony is monitoring PS3s that haven’t signed into PSN, but are connected to the internet. Apparently a number of users with hacked firmware are receiving e-mails from the Sony legal department even though they aren’t logged into PSN, prompting fears that Sony is watching us…
Now of course all of this is unsubstantiated rumour. The real bit of information to take away is this fairly obvious warning: custom firmware (CFW) could pose a security risk.
Downloading and installing CFW packages might enable all sorts of wonderful Linux possibilities, or piracy if you are that way inclined. Hypothetically, if one is foolish enough to install a dodgy CFW and then log into PSN and make a purchase, the sneaky hacker who released the firmware could intercept and steal credit card information.
The hacking community explains that since connections to PSN are SSL encrypted, the CFW could contain a fake SSL certificate. This fake certificate would redirect traffic headed to PSN to a hacker’s secret hideout under a volcano, whereupon they can decrypt and steal credit card information and other personal information. The hacker then re-encrypts the data and sends it on to PSN, with parties on either end unaware of the nefarious deed.
This isn’t entirely in the realm of tinfoil hat wearing conspiracy theory, as similar middle-man data thieving schemes have been used to good effect on compromised PCs. Similar to CFW hack jobs, these spoof SSL certificates can be included in pirated versions of operating systems, most notably Windows.
Legitimate PSN users have nothing to fear, as it is well within Sony’s interest to ensure credit card transactions remain as secure as possible and private data is protected. Only those brave/stupid enough to install dodgy CFW are at risk – and some might suggest those of the Jolly Roger persuasion deserve it if they fall victim.
Would you install CFW on your PS3? << Share your thoughts on the MyBroadband forum.
Source: Ars Technica