After months of testing and improvements, security engineer and modder Andy Nguyen has finally released PS5-Linux, allowing users to turn their console into a functional Linux gaming PC.
Most consoles, if not all, have electronic fuses that are embedded inside chips that they intentionally blow out with each firmware update that prevent them from rolling back to older versions.
As a malicious actor or red-team player, I would want to get you on as old of an OS as I could in order to exploit a wider range of CVEs. Or in most cases, one would be hunting for a specific set of CVEs. Once I’ve got you on the version I want, I can then perform other attacks and ensure that they run.
The iPhone, many Android phones, some network equipment, and game consoles all have eFuses that burn when you perform an update, and the specific number or pattern they burn in is used to determine the lowest OS version your device is allowed to be on in order to stop this from happening.
I mean, my phone has all sorts of private and confidential information and is regularly in hostile environments where attackers might get physical access to it. Kinda want the best, most hardened security posture.
My Playstation sits in my living room and has my gaming history and access to my games…
It could also have your credit card info if you’ve set it up for the store. Which I imagine most people do, since many games don’t even get physical copies made anymore.
Ive worked with ecommerce enough to not store my card anywhere. Also pretty sure they’d store it in the cloud so could max it out in the store and I could claim the fraud.
But if your in my living room thinking, I’m going to sit down and hack his Playstation to get his credit card… Don’t know man, seems there’s better plans.
Well, that’s pretty exciting. My PS5 is already on the latest firmware though lol
Can we not, like… Factory reset these things to roll back to whatever was installed when it was purchased? 🤔
Most consoles, if not all, have electronic fuses that are embedded inside chips that they intentionally blow out with each firmware update that prevent them from rolling back to older versions.
Are you serious? Wtf
Yes, it’s a common practice that’s been done right back to PS2 and Xbox360 days.
Because it’s still their condole, even though you paid for it. They are just graciously letting you use it as long as you stay profitable to them.
lmao
Thats called a downgrade attack and is explicitly blocked by most modern security models that are not a PC.
That’s insane
Is it?
As a malicious actor or red-team player, I would want to get you on as old of an OS as I could in order to exploit a wider range of CVEs. Or in most cases, one would be hunting for a specific set of CVEs. Once I’ve got you on the version I want, I can then perform other attacks and ensure that they run.
The iPhone, many Android phones, some network equipment, and game consoles all have eFuses that burn when you perform an update, and the specific number or pattern they burn in is used to determine the lowest OS version your device is allowed to be on in order to stop this from happening.
I mean, my phone has all sorts of private and confidential information and is regularly in hostile environments where attackers might get physical access to it. Kinda want the best, most hardened security posture.
My Playstation sits in my living room and has my gaming history and access to my games…
It could also have your credit card info if you’ve set it up for the store. Which I imagine most people do, since many games don’t even get physical copies made anymore.
Ive worked with ecommerce enough to not store my card anywhere. Also pretty sure they’d store it in the cloud so could max it out in the store and I could claim the fraud.
But if your in my living room thinking, I’m going to sit down and hack his Playstation to get his credit card… Don’t know man, seems there’s better plans.
It is indeed, such is the state of the industry