updated 04:30 pm EST, Tue February 1, 2011
New PS3 firmware may let Sony run remote code
Sony's new 3.56 firmware for the PS3 may have introduced a potentially dangerous avenue for Sony and others to control the system from a distance. Owners have said the update reportedly now supports loading remote code the moment it logs into the PlayStation Network, similar to a rootkit. The approach found on NeoGAF's forums could let Sony alter code and introduce new checks without having to roll out a completely new firmware upgrade.
The new code execution routine might not even be erasable for any console getting online. Since Sony's servers wait for a reply before going ahead, removing the code that would provide the response could make it difficult to connect without either having the official response or somehow forging the traffic, which isn't known to be reliable.
Sony's decision might have long-term consequences and could create problems for legitimate users. Malware writers or other hostile code writers could see this as an identifiable point of attack and could, if they properly fake a legitimate source, inject their own code to compromise the PS3.
The steps came after unofficial teams discovered a possibly permanent jailbreak and Sony began taking drastic actions in an attempt to curb piracy but also fair use. It has gone so far as to get a restraining order against Geohot, one of the discoverers, even though he took extra steps to ensure his technique couldn't be easily used for piracy.
Sony has had a troubled history with imposing extra security measures and infamously placed an actual rootkit on 52 music CD titles. The approach exposed Windows users to possible hacks and led to class action lawsuits as well as a complete reversal of Sony's practices.