Playstation 5: Kernel-Level Attacks Reveal Rampant Lack Of Security

November 20, 2021 | Cybersecurity News

Cybercrooks stole Playstation 5 root keys and exploited the kernel, taking over its most basic functions and demonstrating just how flawed security in gaming devices is.

Playstation 5 Targeted By Well-Known Hackers

Consecutive breaches of the new Playstation 5 are proof of the severe lack of protection against threat actors. Both attacks were posted on Twitter on November 7. The posts did not disclose specifics, but they warn of potential security flaws that could result in dangerous attacks on the gaming giant.

FailOverFlow, which has already earned a reputation as a prolific PlayStation jailbreaker group, posted a November 7 tweet that seemed to contain the PS5 firmware symmetric root keys.

In the following post, the group claimed that it “…got all (symmetric) ps5 root keys.” FailOverFlow wrote, “They can all be obtained from software — including per-console root key, if you look hard enough!”

FailOverFlow’s Nov. 7 tweet

Playstation 5 Kernel Exploit

Google security engineer Andy Nguyen posted the second breach on Twitter on the same day. He is known as TheFloW in hacker circles and seems to have been able to access the PS5 “Debug Settings” menu, which means he has a kernel exploit.

Wololo, which first reported on both hacks, indicated that this menu is usually only available on test kit devices and allows quality assurance and development teams to install package files on the Sony PlayStation 5.

The Debug Settings menu. Credit:

“This menu enables a series of QA/Dev related options on the console, including the possibility to Download/install package files. The Debug Settings menu in itself does not allow to install unsigned content (e.g. pirated games), though.”

“Although typically only present on test kits, the Debug Settings Menu is disabled on ‘retail’ consoles,” Wololo noted. “In other words, although the Debug Settings menu in itself is not a “hack”, having it showcased on a screenshot for a retail console is indicative that TheFloW has arbitrary write access on the console, meaning he’s most likely got a PS5 kernel exploit.”

“But it can be enabled on retail consoles by patching some flags, located at specific addresses in the firmware at Runtime,” according to Wololo.

The Challenges Of Securing The Playstation 5

Both exploits could enable cybercriminals to install pirated games, run emulators, and more, according to public-interest technologist Bruce Schneier.

“Hackers may have just made some big strides towards possibly jailbreaking the PlayStation 5 over the weekend,” Schneier wrote about the breaches. “Decrypted firmware, which is possible through FailOverFlow’s keys, would potentially allow for hackers to further reverse-engineer the PS5 software and potentially develop the sorts of hacks that allowed for things like installing Linux, emulators or even pirated games on past Sony consoles.”

He went on to add that he doesn’t think that a completely hack-proof system will ever exist.

“Especially when the system is physically in the hands of the hackers,” Schneier said. “The Sony Playstation 5 is the latest example.”


Threatpost: Back-to-Back PlayStation 5 Hacks Hit on the Same Day

Wololo: PS5 Kernel Exploit? TheFloW showcases Debug Settings menu on retail console, no plan to release.


Photo by Kerde Severin on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.
