Fancy hacking a PlayStation? Sony announces its bug bounty program – Naked Security

You’ve probably heard the French saying, “Plus ça change, plus c’est la même chose.”

Alliteratively coined by the French satirical writer Jean-Baptiste Alphonse Karr, it means that the more things change, the more they remain the same, and it’s a cynical observation that what seems like an improvement may not, in the end, sort out the underlying problems or attitudes it was meant to fix.

Well, here’s a change that really does seem to be a change, in heart as well as in direction!

Sony, maker of the PlayStation games console series, has not always been friendly to hackers.

About ten years ago, the company famously took legal action against a young George Hotz, better known as geohot, an American hacker – in the neutral sense of the word here – who has found his way into numerous “locked down” devices over the years.

Hotz, who is now into open source self-driving automotive software, has variously come up with jailbreaks (or roots as they are known on Android phones, after the Unix name for the top-level administrative account) for iPhones, locked-down Androids such as Galaxies

…and for the Sony PlayStation 3.

Sony wasn’t impressed, and launched legal action against Hotz, even though the main purpose of Hotz’s reverse engineering seems to have been an attempt to allow PS3 owners to run alternative operating systems such as Linux or FreeBSD on their own devices.

(Sony used to allow users to install their own software on PlayStations through a feature descriptively known as OtherOS, but ultimately removed the option, making the PS3 a locked-down system in the fashion of a device such as the iPhone.)

As you can imagine, Sony’s response didn’t go down well in the hacking and modding (short for modification) community.

Ultimately, as far as we can tell, Sony settled its legal wrangle with Hotz pretty much on the basis that he would give up on PlayStations, retire all his Sony hardware to a box in the cupboard under the stairs, and not hack on it again.

Well, both the hacking scene and the industry have moved on since then, with the finding and responsible disclosure of exploitable security holes now a respectable and often very well paid job in cybersecurity.

Indeed, Hotz himself went on to achieve successful exploits against both Adobe Acrobat Reader and Firefox at the PWN2OWN competition, where entrants publicly target mainstream products such as document readers and browsers to prove that they can bypass the security protection of those products and win (often substantial) cash prizes.

Bug bounty hunting

Of course, bugs-for-money programs, generally known as bug bounties, aren’t just free-for-all exercises.

There are generally very strict rules of engagement, notably that getting paid depends on a series of things:

Sony joins the club

Sony has now announced its own bug bounty programs for the PS4 and the PlayStation Network:

We believe that through working with the security research community we can deliver a safer place to play. We have partnered with HackerOne to help run this program, and we are inviting the security research community, gamers, and anyone else to test the security of PlayStation 4 and PlayStation Network. Our bug bounty program has rewards for various issues, including critical issues on PS4. Critical vulnerabilities for PS4 have bounties starting at $50,000.

We’re assuming that a critical PS4 vulnerability would be the sort of bug that allows remote code execution, or RCE, whereby an attacker could run untrusted code, implant malware – or, indeed, jailbreak the device.

Other critical vulnerabilities usually include bugs that allow attackers to extract private data such as cryptographic keys or other information that is vital to the security of the device or ecosystem.

Sony says that it has had a closed bug bounty program for a while – one in which selected researchers have been invited to take part – but the program is now open to all.

By the way, that $50,000 payout for a critical PS4 vulnerability is a minimum, so for a bug that offers a full, automated, “click here to jailbreak” attack, you can probably expect a fair bit more than that.

Over to you…
