The PS5 has been hacked: here’s what you need to know about the console security problem

A group of hackers claims to have decrypted the PS5 firmware and gained access to the console's encryption keys. A crucial moment for the Sony console.

The PS5 motherboard // Source: Frandroid screenshot

Since the first consoles, it has been a cat-and-mouse game between the manufacturers, who sell a closed machine, and the hackers, who want to open it up and let it run all kinds of software. What is at stake for a console manufacturer is obviously not so much preventing you from installing Linux (the PlayStation 3 officially allowed it for a time) as preventing pirates from running commercial games shared online.

The launch of a new generation is an opportunity to reset the counters and offer a new machine with new security features. Unfortunately for Sony, it seems that the safeguards put in place for the PlayStation 5 were insufficient. The Fail0verflow hacker group has announced that it has opened the console.

A deep software flaw exploited

The Fail0verflow group posted an image on Twitter showing a readable version of firmware 4.03 and, more specifically, demonstrating that the group has access to the PS5's symmetric keys. The second tweet states that this was obtained through software.

Translation: We got all (symmetric) ps5 root keys. They can all be obtained from software – including per-console root key, if you look hard enough! https://t.co/ulbq4LOWW0

– fail0verflow (@fail0verflow) November 8, 2021

If the flaw is in software, it should be possible for Sony to correct it, but beware: the damage may already be done.

What does this act mean?

Access to the console's primary keys is a very important element in forcing it open. In principle, this can make it possible to "sign" software so that it appears to the console to have been authorized by Sony and is therefore allowed to be launched. This applies in particular to illegally shared games.

For regular gamers without pirated consoles, this shouldn't be a problem in principle. An attacker would need to obtain the specific key of a given console in order to sign malicious software and get it installed. This is not what the exploitation of this flaw should allow.

How easy is it to hack the PS5?

The Fail0verflow group did not disclose how it obtained this advanced firmware access. It is very likely that the operation is, for the moment, complex and within reach of only a handful of experts in the world.

This could, however, be the first step toward hacking the console more easily in the future. In particular, other groups of hackers could open other PS5 firmware with the obtained keys and analyze the files for other vulnerabilities.

Can Sony easily correct the flaw?

Fail0verflow says it obtained this access through a software flaw. Sony should therefore be able to offer a patch correcting this security flaw.

However, it remains to be seen whether Sony can change the console's master key through an update. If not, even if the update fixes the flaw, its consequences will remain, in particular the possibility of digitally signing software without Sony's consent.

When will the method be revealed?

For his part, Andy Nguyen (@theflow0), security researcher at Google, announces that he has access to the console debug menu on the latest firmware of the machine. He posted a screenshot proving it on Twitter.

#PS5Share pic.twitter.com/xem0A7i3rC

– Andy Nguyen (@theflow0) November 7, 2021

He is probably using the same flaw, and does not intend to disclose the method. The Fail0verflow group has made a habit of revealing its method once the manufacturer has corrected the problem. We can expect an update from Sony as soon as the flaw has been corrected.
