In the past, PS3 security has been something of a cat and mouse game. Sony’s had to deal with a range of piracy-enabling firmware and USB dongles, not to mention Geohot’s release of the “metldr” root key. The release of firmware 3.60 largely patched things up and security systems were implemented to keep those consoles running older firmware from accessing the PlayStation Network.
Then things started to unravel. First, PSN’s passphrase security protocol was leaked, allowing hacked consoles full access. Next, an updated piracy-enabling custom firmware was released. Once, this could easily have been locked down with another firmware update. Except then a group of hackers calling themselves “The Three Tuskateers” released the PS3’s LV0 decryption keys, basically the all-access pass to any future PS3 updates.
Eurogamer highlighted the significance:
Options Sony has in battling this leak are limited – every PS3 out there needs to be able to decrypt any firmware download package in order for the console to be updated (a 2006 launch PS3 can still update directly to the latest software). The release of the LV0 key allows for that to be achieved on PC, with the CoreOS and XMB files then re-encrypted using the existing 3.55 keys in order to be run on hacked consoles.
Essentially, this means that any firmware updates Sony releases can be instantly decrypted and circumvented. The need for all PS3s to be backward compatible severely limits Sony’s chances of finding a workaround.
As it turns out, the decryption keys were discovered some time ago. The aforementioned Three Tuskateers hadn’t planned to release them until a Chinese hacking group calling themselves “BlueDiskCFW” attempted to use them for financial gain – by charging users for hacked firmware.
The Three Tuskateers issued the following statement:
You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now.
This is certainly bad news for Sony, but it’s worth keeping perspective: The PS3 has been around since November 2006, so to say that it is approaching the end of its product cycle is something of an understatement. Could this be the motivation that Sony needs to stop dragging its feet on the PS4?