Sony PS3 3.56 firmware found to contain a rootkit

Discussion in 'malware problems & news' started by aigle, Feb 3, 2011.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  2. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
  3. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    No big surprise here seeing as how Sony has a history of rootkits.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Indeed..
    Their response from the last time:
    "Most people, I think, don't even know what a rootkit is, so why should they care about it?"
    :thumbd:
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Sounds like a (malicious) pig farmer who'd argue:
    "Most people, I think, don't even know what 'Trichinella spiralis' is, so why should they care about it?" :rolleyes:

    :thumbd: indeed.
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,955
    Location:
    DC Metro Area
    Sony PS3 rootkit rumours rubbished

    "Suggestions that Sony has added a rootkit with the latest firmware update to its PS3 console have been denounced as bunkum by a leading gaming security expert.

    Rumours began flying on the interwebs earlier this week that the official 3.56 firmware upgrade for Sony's consoles gave the consumer electronics giant the ability to execute code on the PS3 as soon as a user goes online.

    Sony can use the technology to verify system files or to look for home-brewed games, it was suggested. More sinister still, it was warned, the code can be updated without further firmware updates.

    The more excitable elements of the gamer community as well as tech blogs and gaming sites cried foul over the move, with many describing it as the introduction of hidden "rootkit-style" functionality.

    But Chris Boyd, a security researcher at GFI Security who has studied the security of online games for several years, points out the development is not new since Sony wrote the ability for it to do remote updates into its terms and conditions since at least 2006.

    "It's been known for a while that a networked PS3 will contact Sony servers at start up (whether it has an active PlayStation network account on it or not), which performs various tasks related to error logs, updates and other activities," Boyd (aka Paperghost) told El Reg.

    Anyone using a PS3 agrees in the terms of service to allow their console to perform these tasks.

    Mark Russinovich found a rootkit in Sony CDs back in 2005, provoking a huge privacy outcry. This has led some enthusiasts and bloggers to suggest that history is repeating itself with the PS3 firmware upgrade.

    The PS3 firmware upgrade is nothing like as malign, argues Boyd, who has spoken on X-Box and online gaming security at several security conferences. "Comparing a last ditch attempt at blocking hacks and custom firmware to the truly dreadful CD rootkit is mind boggling."

    Sony bundled ill-conceived copy-protection on its music CDs that meant a rootkit was installed if they were played on Windows PCs. This created a vulnerability on affected machines later latched onto by malware writers. Sony withdrew the technology following an outcry.

    Comparing this to the PS3 firmware update misunderstands what has actually been done or the practical risks of the move, according to Boyd."

    Full Story Here:

    http://www.theregister.co.uk/2011/02/03/ps3_rootkit_hype/
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I don't know what's with all the thumbs down. It's their platform, they can do whatever they want with it.

    The function of analyzing code and submitting it over the internet is commonly done by AV companies and anti-cheat programs for games.

    I don't have a PS3, but I wouldn't care if I did.
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Unfortunately, they can and they do.

    Everyone who bought a PS3 (fat one) because it also offered the option to install 'Other OS' (e.g. your favourite distro) has been forced (March-April last year) to choose between either having a PS3 that could run Linux also or being able to still play (multiplayer) games online, all because of one firmware update.
    Of course, the EULA mentioned that Sony can change/kill/murder whatever functionality it wishes on a PS3 but it was still a bummer.
    Some folks actually bought a PS3 because it also offered that specific functionality.
    For a lot of people it felt like being Stan making a deposit at the bank; "....And it's gone!"

    Yeah, that will make people hold a grudge.
    And be veeeerrry wary of Sony's firmware updates because Sony has proven that it has a rather different view on useful functionalities than a lot of its customers.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Just one question. When people bought their first PS3, with the capacity of installing Linux in mind, where was the EULA included? In the box itself? Or, inside, as part of the documentation?

    Because, if it was inside the box, Sony sold a product with a feature - "Other OS". And, before people bought it with such in mind, they had no idea that one feature they paid for would/could be removed; perhaps the only one they cared for. And, if the EULA could only be read in a document stored inside the box, then for sure it was a rip-off, IMHO.

    I actually had in mind such as well, for a little project of mine. But, after reading things like that, I stepped back.
     
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    I'm pretty sure it was not on the outside of the box. Not that it would have mattered. I'm sure nobody would have thought at the time they would remove any functionality. I don't care about the loss of Linux support as I would just use an old PC for that, but I am still unhappy that they continually redefine the functionality of something I paid $500 for. At some point they will do something that will make me very unhappy. When a PS4 comes out, I will think long and hard before buying one.
     
  11. katio

    katio Guest

    Checking core system files for tampering?
    Check
    Automatic (hidden) updates?
    Check

    Windows does that too and no one cried "rootkit".
    Of course you can turn it off, use (even the built in) firewall and so on but you can't really compare a computer which contains private data with a game console.

    Removing OtherOS is another topic. EULA or not doesn't matter, even if it was printed in big letters on the box. An EULA doesn't make something automatically legal, they can write anything in it, but does that hold in court? There was a class action lawsuit. Does anyone know how that went?
     
  12. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    If this update can prevent cheats ripping everyone else off then I'm all for it. One of the reasons I stopped playing PC games online is because the cheating sucks. PC online gaming is dead to me.

    Game consoles make gaming online harder for cheats to thrive. So no complaints from me.
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah, their platform, their choices!

    This sounds lame like EU forcing MS to make some changes to their OWN SOFTWARE :cautious:
     