• Semperverus@lemmy.world
    32 upvotes · 1 day ago

    That's called a downgrade attack and is explicitly blocked by most modern security models that are not a PC.

      • Semperverus@lemmy.world
        12 upvotes · 23 hours ago

        Is it?

        As a malicious actor or red-team player, I would want to get you on as old of an OS as I could in order to exploit a wider range of CVEs. Or in most cases, one would be hunting for a specific set of CVEs. Once I’ve got you on the version I want, I can then perform other attacks and ensure that they run.

        The iPhone, many Android phones, some network equipment, and game consoles all have eFuses that burn when you perform an update, and the specific number or pattern they burn in is used to determine the lowest OS version your device is allowed to be on in order to stop this from happening.
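Added example, not part of the thread or any vendor's code: a minimal C simulation of the fuse-based minimum-version check described in the comment above. The fuse bank layout, the "one fuse per version" encoding and all function names are assumptions for illustration, and the image version is assumed to come from an already signature-verified header.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated one-time-programmable fuse bank: bits go 0 -> 1, never back. */
typedef struct { uint32_t bits; } fuse_bank_t;

typedef enum { BOOT_OK, BOOT_REJECT_ROLLBACK } boot_result_t;

/* Assumed encoding: number of blown fuses = lowest version allowed to boot. */
static unsigned fuse_min_version(const fuse_bank_t *f) {
    unsigned n = 0;
    for (uint32_t b = f->bits; b; b >>= 1) n += b & 1u;
    return n;
}

/* Blow the low `version` fuses. Only ever sets bits, so the floor cannot drop. */
static void fuse_burn_to(fuse_bank_t *f, unsigned version) {
    if (version > 32) version = 32;
    uint32_t mask = (version == 32) ? 0xFFFFFFFFu : ((1u << version) - 1u);
    f->bits |= mask;
}

/* Refuse any image older than the fuse floor; otherwise raise the floor. */
static boot_result_t boot_check(fuse_bank_t *f, unsigned image_version) {
    if (image_version < fuse_min_version(f))
        return BOOT_REJECT_ROLLBACK;
    fuse_burn_to(f, image_version);
    return BOOT_OK;
}

int main(void) {
    fuse_bank_t fuses = { 0 };                  /* constructed: factory-fresh device */
    unsigned images[] = { 3, 2, 5, 4 };         /* constructed boot attempts */
    for (unsigned i = 0; i < 4; i++) {
        boot_result_t r = boot_check(&fuses, images[i]);
        printf("image v%u: %s (floor now v%u)\n", images[i],
               r == BOOT_OK ? "boot" : "rejected as rollback",
               fuse_min_version(&fuses));
    }
    return 0;
}
```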

        • neclimdul@lemmy.world
          11 upvotes · 15 hours ago

          I mean, my phone has all sorts of private and confidential information and is regularly in hostile environments where attackers might get physical access to it. Kinda want the best, most hardened security posture.

          My PlayStation sits in my living room and has my gaming history and access to my games…

            • neclimdul@lemmy.world
              2 upvotes · 13 hours ago

              I've worked with ecommerce enough to not store my card anywhere. Also pretty sure they’d store it in the cloud so could max it out in the store and I could claim the fraud.

              But if you're in my living room thinking, I’m going to sit down and hack his PlayStation to get his credit card… Don’t know man, seems there’s better plans.

              • ipkpjersi@lemmy.ml
                1 upvote, 1 downvote · 9 hours ago

                > I've worked with ecommerce enough to not store my card anywhere.

                Not storing it is not necessarily enough to protect you either, though. If their servers get compromised, it’s very easy for them to send that data elsewhere instead of/in addition to working normally.