Attacks/Breaches
1/12/2011
09:17 PM
50%
50%

Sony Sues Hackers Over PS3 Jailbreak

Geohot, also known as George Hotz, and others are accused of distributing code to circumvent PlayStation 3's copyright protection technology to run pirated software.

Sony has sued 3 hackers and 100 others whose names the company doesn't know for developing and releasing over the Web code that makes it possible to run homegrown or pirated software on the PlayStation 3 videogame console.

The consumer electronics company filed the complaint Monday in U.S. District Court in San Francisco, naming as defendants well-known hacker George Hotz of Cambridge, Mass.; Hector Martin Cantero of Spain, Sven Peter of Hungary, and 100 other unnamed hackers. Sony claims Cantero and Peter are members of FailOverFlow, a hacker group the company says is dedicated to circumventing the TPM, or technology protection measure, in the PS3 to prevent the use of pirated games and unauthorized software.

The 24-page complaint accuses the defendants of violating the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act. Sony is asking the court to bar the defendants from developing and distributing technology for hacking the PS3, to turn over everything developed so far to Sony and to order the defendants to pay unspecified monetary damages. Sony claims it has suffered "irreparable injury and damage" as a result of the defendants' work, which has already been widely distributed over the Web.

The lawsuit claims that in late December 2010, FailOverFlow discovered a way to circumvent the PS3's TPMs, written into the console's firmware to prevent software pirates from running unauthorized software. The group then provided other hackers with the tools it developed.

Hotz, aka "Geohot," allegedly built on FailOverFlow's work and publicly distributed over the Internet software code to run pirated or unauthorized software on the PS3. A demonstration of the software allegedly developed by Holtz was posted last week to the Geohot channel on YouTube. Sony claims Hotz made his code available for download five days earlier on his Web site, where he left a message for the company: "If you want your next console to be secure, get in touch with me," the note said, according to the complaint.

"Unless the court enjoins defendants' unlawful conduct, hackers will succeed in their attempts to ensure that pirated software can be run on the PS3 system, resulting in the destruction of SCEA's business," the complaint says. SCEA stands for Sony Computer Entertainment America, the unit responsible for the PS3.

Hotz on Monday had taken down his Web site, leaving up a page that said he had been served with court papers. He also supplied a link to the complaint.

Sony claims the defendants have violated the DCMA by circumventing the PS3's copyright protection mechanisms to run pirated software. They also allegedly violated the Computer Fraud and Abuse Act by breaking into the workings of the PS3 beyond what is allowed in the user agreement and accessing proprietary technology.

Hotz first gained notoriety in 2007 when he hacked his Apple iPhone in order to use the smartphone on multiple carriers' networks. Apple at the time had an exclusive deal with AT&T. In late 2009, he turned his attention to the PS3 and documented his attempt to hack the system on his Web site. Hotz's work prompted Sony to make changes to the system in order to boost security.

SEE ALSO:

Sony Blocks Linux On PS3

iOS 4.1 Jailbreak Achieved, Hackers Say

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2849
Published: 2015-07-07
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVE-2015-2850
Published: 2015-07-07
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVE-2015-3216
Published: 2015-07-07
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establi...

CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report