Thursday 17 February 2011

PSN And Your Credit Card Details Hacked

Sony has officially stated that anyone using hacked firmware or any sort of circumvention technology will have their console banned for life from the PlayStation Network, but how does the company know when such a console logs in? One person claims to have broken into the PlayStation Network, and what he has found is rather shocking. If his findings are accurate, your credit card information is being sent to Sony as an unencrypted text file, and Sony is watching every single thing you do with your system, keeping detailed records all the while.

"Sony is the biggest spy ever... they collect so much data. All connected devices return values sent to Sony's servers," the hacker said. He claims that Sony knows what controllers you're using, what USB devices are plugged in, what sort of television you're using—everything. Here's another section of the chat log:

user2: another funny function i found is regarding psn downloads
user2: it's when a pkg game is requested from the store
user2: in the url itself you can define if you get the game free or not. requires some modification in hashes and so on tho
user3: ..
user2: is like
user8: :D
user3: my god
user2: drm:off
That's not all: your credit card information is apparently being sent as an unencrypted text file. This is how the code is being sent to Sony:

creditCard.paymentMethodId=VISA&creditCard.holderName=Max&creditCard.cardNumber=45581234567812345678&creditCard.expireYear=2012&creditCard.expireMonth=2&creditCard.securityCode=214&creditCard.address.address1=example street%2024%20&creditCard.address.city=city1%20&creditCard.address.province=abc%20&creditCard.address.postalCode=12345%20

This information is allegedly being stored online and is updated every time you turn on your system. We've been receiving reports from various sources that e-mails are being sent to those with hacked firmware even before they log back into the PlayStation Network, which is even more evidence that Sony is grabbing information from your system just from being connected to your wireless network.
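For anyone reviewing captured traffic from their own application, here is a check for the situation described above: card fields travelling in a form-encoded body over a connection that is not TLS. This is an added example, not code from the article or from Sony; the field names come from the request body quoted above, while the URLs and the shortened sample body are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Field-name suffixes taken from the request body quoted in the article.
CARD_FIELDS = {"holderName", "cardNumber", "expireYear", "expireMonth", "securityCode"}

# Constructed sample input (hypothetical host, values copied from the quoted body).
PLAIN_URL = "http://store.example.invalid/checkout"
TLS_URL = "https://store.example.invalid/checkout"
SAMPLE_BODY = (
    "creditCard.paymentMethodId=VISA&creditCard.holderName=Max"
    "&creditCard.cardNumber=45581234567812345678"
    "&creditCard.expireYear=2012&creditCard.expireMonth=2"
    "&creditCard.securityCode=214"
)


def mask(field, value):
    """Keep the last four digits of a card number; hide every other value fully."""
    if field == "cardNumber" and len(value) > 4:
        return "*" * (len(value) - 4) + value[-4:]
    return "*" * len(value)


def audit_request(url, body):
    """Return (field, masked value) pairs for card data sent without TLS.

    Values are masked before they are returned so the audit output itself
    never contains a usable card number or security code.
    """
    if urlsplit(url).scheme.lower() == "https":
        return []
    findings = []
    for key, value in parse_qsl(body, keep_blank_values=True):
        suffix = key.rsplit(".", 1)[-1]
        if key.startswith("creditCard.") and suffix in CARD_FIELDS:
            findings.append((key, mask(suffix, value.strip())))
    return findings


if __name__ == "__main__":
    for field, masked in audit_request(PLAIN_URL, SAMPLE_BODY):
        print(f"cleartext card field: {field}={masked}")
```
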

The ability to enable free downloads is likewise unsurprising, as there may be a way for some users, such as press and developers, to access the PlayStation Network without needing to pay for content. While other console manufacturers may keep free, pre-review content in a separate, closed-off network, it's possible Sony keeps everything in one place, and controls who pays and who doesn't via a simple toggle. That would be unsafe from a security standpoint, but when has that stopped anyone from stupid mistakes in the past?

It's also very possible this is all fake, but much of what the unnamed hacker is saying links up with what we know from other sources about the behavior of the PlayStation Network. It's worth treating this as a very real threat: use PSN cards instead of credit cards on the PlayStation Network, and make sure you don't share any passwords or login information between your PSN account and other accounts.

We've contacted Sony for comment, but have not received a reply at time of publication. The hackers joked that the next update will remove the PlayStation Network, just as Sony removed the Other OS feature when it became compromised.
