Since the PS3 encryption key has been cracked hackers have been studying the firmware and have found some interesting things out about the way your PS3 interacts with the PlayStation Network. One hacker reports that he has found evidence that your credit card information is sent to the PSN in an unencrypted text file, granted over a SSL connection. This would be secure as long as you aren't running a custom firmware.
Hackers have reported that custom firmware running on a PS3 could be compromised with a set of fact SSL certificates and DNS information. Using this the hackers could route PSN traffic to a proxy server over SSL and decrypt the data, save it, re-encrypt it and forward it on to the PSN servers. This could be done transparently to the user, except for maybe a small slowdown from proxying.
My advice, stay away from custom PS3 firmwares for now. Especially while Sony is cracking down so hard on modders, with permanent bans from the PSN.
Wow, hackers can do crazy things nowadays.
ReplyDeleteJeez... is there anything they cant do?
ReplyDelete