Hacking team fail0verflow last week demonstrated a hack of Sony's PlayStation 4 game console that allows anyone running the modification to run the Linux OS on the appliance.
The demo was part of a lightning talk session at the 32nd Chaos Communication Congress.
The hackers used exploits in FreeBSD, PS4's operating system and WebKit, which powers the game console's browser.
Both the OS and
browser are open source and vulnerable to security exploits, according to Marcan, a member of failOverflow. The PlayStation 4 is based on the x86 architecture.
The ability to run a modification "was the way to go for the PS4," said Marcan.
The hacking team isn't interested in piracy or free games from the exploit. Those who are can "write an exploit, point it to our loader and you'll get Linux," Marcan added. The team will help those who are interested to "get it hooked up/debugged if needed," but those who want free games should "go away."
The hack will be a nuisance that Sony engineers will likely block to ensure no additional threats to its ecosystem and network.
"No harm will come to the hardware though. The only threat is just to Sony's security risk," said Rob Enderle, principal analyst at the Enderle Group.
"There is no upside for Sony to allow it. I expect Sony will do everything it can to shut it down," Enderle told LinuxInsider.
Hacking Details
The code is in a raw state, with some components not releasable. Some of it was reverse engineered from Sony modifications to FreeBSD and needs to be rewritten and cleaned up, according to the hacking team.
Its goal is to get the patches upstreamed in the Linux kernel, but that process will take time. In the meantime, failOverflow members have opened a work-in-progress repository to share contributions as soon as is practical.
The group does not plan to release exploits, but it expects that other people will, according to Marcan.
Blocking Attempts
Sony, which declined to comment on the situation, may have no choice but to prevent all clandestine activity involving running Linux on its game console.
"The problem with allowing any other operating system to run on your equipment is that you can break things whenever you patch your system. Then users get angry when something does not work," said Enderle.
Given all the breaches taking place, companies really don't want another operating system running that they don't control, he said. Permitting that could allow access to Sony's network if somebody breached an appliance and followed it upstream.
"Plus, the PS4 was never designed to be a PC. You have to ask, why do the hack?" Enderle said, suggesting that the intention might be to cheat the system or do something nefarious.
Deja View Again
The Linux intrusion is not necessarily a new occurrence for Sony's game console. Back in 2002, Sony supported Linux on the PS2, according to Charles King, principal analyst at Pund-IT. Support continued when Sony utilized Cell processors (developed by Sony, IBM and Toshiba) in the new PS3 around 2006.
"I remember attending an IBM event back then where high school and college kids competed in a hack-your-PS3 contest. The winner was a guy who created a cluster of six PS3s to crunch gnomic data," he told LinuxInsider.
Regardless of the source and reason for earlier support for Linux on the PS4, Sony saw no money from the endeavor, according to Enderle.
"There was no additional revenue associated with that. Sony did not make any money from supporting Linux. It created a support nightmare for their appliance," he said.
The End Game
In short, if PS4 owners download the Fail Overflow file and follow the directions, they should be able to install and use a version of Linux that the group customized to run on the PS4, noted King.
"The group showed a demo of a modded version of Pokemon Emerald running on a PS4, but it is not clear to me what other games or applications the FO-authored Linux might support," he said.
It is possible that someone could run other Linux-based games and maybe Linux applications. That could include games written for other platforms as well as pirated games and software, King added.
No Lasting Defense
There probably isn't much danger to the game hardware except what users face when installing any form of unapproved software, he said. Sony likely will announce that installing FO's Linux will void the PS4's warranty/guarantee.
"Since out-of-warranty used and refurbished PS4s are readily available," King noted, "that is mostly an empty threat."
No comments:
Post a Comment
Leave a comment