Despite Sony's "efforts" to patch the security holes of the PS3 game
console and lock out Linux sofware apps, hackers are now claiming
that they have managed to gain access to the system's innards by
taking advantage PS3's poor use of public key cryptography.
According to a team of hackers called "fail0verflow," the PS3
private signing key or ECDSA signature was exposed (Digital Signature
Algorithm). The group located this private cryptographic key needed
to sign off on high-level operations. Such keays are generally hard
to be exposed and according to their complexity, they require running
many generations of keys to crack.
The hackers worked backawrds: They used the generated keys and soon
they discovered that a parameter (k) that should have been randomized
for each key generation wasn't being randomized at all. And since the
PS3 was using the same number for that variable, it was easy to work
out acceptable keys using simle algebra. If you are interested in
cryptogry, you may read
this blog post describing how essential the
use of a random parameter (k) in the DSA is in order a system to be
safe against hacks.
"It is extremely important that all bits of parameter k be unique,
unpredictable, and secret. With two DSA signatures on separate
messages with the same k, you can recover the signer?s private key,"
the team says.
At the
27th Chaos Communication Congress, the team talked
about various hacks that users can use to gain control of their PS3
and make it run their own code.
2010 saw the first hacks for the Playstation 3, soon after Sony
removed Other OS functionality. The team described how Sony went
wrong when designing its security system, and show how these holes
can be used to gain control over the system and bring Linux back to
the PS3.