Attacks/Breaches
1/12/2011
09:17 PM
Connect Directly
RSS
E-Mail
50%
50%

Sony Sues Hackers Over PS3 Jailbreak

Geohot, also known as George Hotz, and others are accused of distributing code to circumvent PlayStation 3's copyright protection technology to run pirated software.

Sony has sued 3 hackers and 100 others whose names the company doesn't know for developing and releasing over the Web code that makes it possible to run homegrown or pirated software on the PlayStation 3 videogame console.

The consumer electronics company filed the complaint Monday in U.S. District Court in San Francisco, naming as defendants well-known hacker George Hotz of Cambridge, Mass.; Hector Martin Cantero of Spain, Sven Peter of Hungary, and 100 other unnamed hackers. Sony claims Cantero and Peter are members of FailOverFlow, a hacker group the company says is dedicated to circumventing the TPM, or technology protection measure, in the PS3 to prevent the use of pirated games and unauthorized software.

The 24-page complaint accuses the defendants of violating the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act. Sony is asking the court to bar the defendants from developing and distributing technology for hacking the PS3, to turn over everything developed so far to Sony and to order the defendants to pay unspecified monetary damages. Sony claims it has suffered "irreparable injury and damage" as a result of the defendants' work, which has already been widely distributed over the Web.

The lawsuit claims that in late December 2010, FailOverFlow discovered a way to circumvent the PS3's TPMs, written into the console's firmware to prevent software pirates from running unauthorized software. The group then provided other hackers with the tools it developed.

Hotz, aka "Geohot," allegedly built on FailOverFlow's work and publicly distributed over the Internet software code to run pirated or unauthorized software on the PS3. A demonstration of the software allegedly developed by Holtz was posted last week to the Geohot channel on YouTube. Sony claims Hotz made his code available for download five days earlier on his Web site, where he left a message for the company: "If you want your next console to be secure, get in touch with me," the note said, according to the complaint.

"Unless the court enjoins defendants' unlawful conduct, hackers will succeed in their attempts to ensure that pirated software can be run on the PS3 system, resulting in the destruction of SCEA's business," the complaint says. SCEA stands for Sony Computer Entertainment America, the unit responsible for the PS3.

Hotz on Monday had taken down his Web site, leaving up a page that said he had been served with court papers. He also supplied a link to the complaint.

Sony claims the defendants have violated the DCMA by circumventing the PS3's copyright protection mechanisms to run pirated software. They also allegedly violated the Computer Fraud and Abuse Act by breaking into the workings of the PS3 beyond what is allowed in the user agreement and accessing proprietary technology.

Hotz first gained notoriety in 2007 when he hacked his Apple iPhone in order to use the smartphone on multiple carriers' networks. Apple at the time had an exclusive deal with AT&T. In late 2009, he turned his attention to the PS3 and documented his attempt to hack the system on his Web site. Hotz's work prompted Sony to make changes to the system in order to boost security.

SEE ALSO:

Sony Blocks Linux On PS3

iOS 4.1 Jailbreak Achieved, Hackers Say

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.