Attacks/Breaches
1/12/2011
09:17 PM
Connect Directly
RSS
E-Mail
50%
50%

Sony Sues Hackers Over PS3 Jailbreak

Geohot, also known as George Hotz, and others are accused of distributing code to circumvent PlayStation 3's copyright protection technology to run pirated software.

Sony has sued 3 hackers and 100 others whose names the company doesn't know for developing and releasing over the Web code that makes it possible to run homegrown or pirated software on the PlayStation 3 videogame console.

The consumer electronics company filed the complaint Monday in U.S. District Court in San Francisco, naming as defendants well-known hacker George Hotz of Cambridge, Mass.; Hector Martin Cantero of Spain, Sven Peter of Hungary, and 100 other unnamed hackers. Sony claims Cantero and Peter are members of FailOverFlow, a hacker group the company says is dedicated to circumventing the TPM, or technology protection measure, in the PS3 to prevent the use of pirated games and unauthorized software.

The 24-page complaint accuses the defendants of violating the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act. Sony is asking the court to bar the defendants from developing and distributing technology for hacking the PS3, to turn over everything developed so far to Sony and to order the defendants to pay unspecified monetary damages. Sony claims it has suffered "irreparable injury and damage" as a result of the defendants' work, which has already been widely distributed over the Web.

The lawsuit claims that in late December 2010, FailOverFlow discovered a way to circumvent the PS3's TPMs, written into the console's firmware to prevent software pirates from running unauthorized software. The group then provided other hackers with the tools it developed.

Hotz, aka "Geohot," allegedly built on FailOverFlow's work and publicly distributed over the Internet software code to run pirated or unauthorized software on the PS3. A demonstration of the software allegedly developed by Holtz was posted last week to the Geohot channel on YouTube. Sony claims Hotz made his code available for download five days earlier on his Web site, where he left a message for the company: "If you want your next console to be secure, get in touch with me," the note said, according to the complaint.

"Unless the court enjoins defendants' unlawful conduct, hackers will succeed in their attempts to ensure that pirated software can be run on the PS3 system, resulting in the destruction of SCEA's business," the complaint says. SCEA stands for Sony Computer Entertainment America, the unit responsible for the PS3.

Hotz on Monday had taken down his Web site, leaving up a page that said he had been served with court papers. He also supplied a link to the complaint.

Sony claims the defendants have violated the DCMA by circumventing the PS3's copyright protection mechanisms to run pirated software. They also allegedly violated the Computer Fraud and Abuse Act by breaking into the workings of the PS3 beyond what is allowed in the user agreement and accessing proprietary technology.

Hotz first gained notoriety in 2007 when he hacked his Apple iPhone in order to use the smartphone on multiple carriers' networks. Apple at the time had an exclusive deal with AT&T. In late 2009, he turned his attention to the PS3 and documented his attempt to hack the system on his Web site. Hotz's work prompted Sony to make changes to the system in order to boost security.

SEE ALSO:

Sony Blocks Linux On PS3

iOS 4.1 Jailbreak Achieved, Hackers Say

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.