Attacks/Breaches

1/12/2011
09:17 PM
50%
50%

Sony Sues Hackers Over PS3 Jailbreak

Geohot, also known as George Hotz, and others are accused of distributing code to circumvent PlayStation 3's copyright protection technology to run pirated software.

Sony has sued 3 hackers and 100 others whose names the company doesn't know for developing and releasing over the Web code that makes it possible to run homegrown or pirated software on the PlayStation 3 videogame console.

The consumer electronics company filed the complaint Monday in U.S. District Court in San Francisco, naming as defendants well-known hacker George Hotz of Cambridge, Mass.; Hector Martin Cantero of Spain, Sven Peter of Hungary, and 100 other unnamed hackers. Sony claims Cantero and Peter are members of FailOverFlow, a hacker group the company says is dedicated to circumventing the TPM, or technology protection measure, in the PS3 to prevent the use of pirated games and unauthorized software.

The 24-page complaint accuses the defendants of violating the Digital Millennium Copyright Act and the Computer Fraud and Abuse Act. Sony is asking the court to bar the defendants from developing and distributing technology for hacking the PS3, to turn over everything developed so far to Sony and to order the defendants to pay unspecified monetary damages. Sony claims it has suffered "irreparable injury and damage" as a result of the defendants' work, which has already been widely distributed over the Web.

The lawsuit claims that in late December 2010, FailOverFlow discovered a way to circumvent the PS3's TPMs, written into the console's firmware to prevent software pirates from running unauthorized software. The group then provided other hackers with the tools it developed.

Hotz, aka "Geohot," allegedly built on FailOverFlow's work and publicly distributed over the Internet software code to run pirated or unauthorized software on the PS3. A demonstration of the software allegedly developed by Holtz was posted last week to the Geohot channel on YouTube. Sony claims Hotz made his code available for download five days earlier on his Web site, where he left a message for the company: "If you want your next console to be secure, get in touch with me," the note said, according to the complaint.

"Unless the court enjoins defendants' unlawful conduct, hackers will succeed in their attempts to ensure that pirated software can be run on the PS3 system, resulting in the destruction of SCEA's business," the complaint says. SCEA stands for Sony Computer Entertainment America, the unit responsible for the PS3.

Hotz on Monday had taken down his Web site, leaving up a page that said he had been served with court papers. He also supplied a link to the complaint.

Sony claims the defendants have violated the DCMA by circumventing the PS3's copyright protection mechanisms to run pirated software. They also allegedly violated the Computer Fraud and Abuse Act by breaking into the workings of the PS3 beyond what is allowed in the user agreement and accessing proprietary technology.

Hotz first gained notoriety in 2007 when he hacked his Apple iPhone in order to use the smartphone on multiple carriers' networks. Apple at the time had an exclusive deal with AT&T. In late 2009, he turned his attention to the PS3 and documented his attempt to hack the system on his Web site. Hotz's work prompted Sony to make changes to the system in order to boost security.

SEE ALSO:

Sony Blocks Linux On PS3

iOS 4.1 Jailbreak Achieved, Hackers Say

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cloud Security's Shared Responsibility Is Foggy
Ben Johnson, Co-founder and CTO, Obsidian Security,  9/14/2017
To Be Ready for the Security Future, Pay Attention to the Security Past
Liz Maida, Co-founder, CEO & CTO, Uplevel Security,  9/18/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.