Hackers identified security weaknesses in Sony's new PlayStation Classic gaming device and managed to inject the device's code via the system’s UART serial port.
The hack was courtesy of gaming console hackers yifanlu and madmonkey1907.
YifanLu used Twitter to demonstrate steps of the hacking procedure, saying that
Sony has signed and encrypted the most sensitive parts of the system using just one key which is embedded on the console itself.
In addition, ist seems that the Sony PlayStation does not perform any signature check for the bootroom code when the console starts.
These allowed Yifanlu to load Crash Bandicoot prototype on the PlayStation Classic console.
Following the disclosures, Playstation enthusiasts have already developed open source projects that allow PlayStation Classic owners to run games that are not bundled with the console and even load non-PlayStation software.
Sony has not provided any comment.
Have in mind that the risk of bricking the console while attempting to load a USB thumb drive with a formatted payload os always there.