[ EEPI-Discuss ] The PSP Exploit Saga Continues: The Camel Fully Enters the Tent?

EEPI - Electronic Entertainment Policy Initiative
EEPI Home Page
EEPI Announcements Mailing List Information
EEPI Discussions Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ EEPI-Discuss ] The PSP Exploit Saga Continues: The Camel Fully Enters the Tent?

To: eepi-discuss@eepi.org
Subject: [ EEPI-Discuss ] The PSP Exploit Saga Continues: The Camel Fully Enters the Tent?
From: Lauren Weinstein <lauren@vortex.com>
Date: Tue, 21 Jun 2005 09:45:53 -0700 (PDT)

Greetings.  In:

http://www.eepi.org/archives/eepi-discuss/msg00099.html

and

http://www.eepi.org/archives/eepi-discuss/msg00100.html

I discussed the exploit that was developed for the Sony PSP that
threatens both to undermine Sony's control of, and their plans for, 
the powerful portable computing platform, by allowing the execution
of unofficial, "unsigned" programs.

As noted in the second message above, the initial exploit, which
has been available for less than a week, is unwieldy since it requires
the *rapid* swapping of memory sticks for each program execution.
This fact was enough to make the specific exploit less than useful
for routine use, though obviously it was the opening needed for
more elaborate exploits, which I predicted would follow rapidly.

Little did I know how rapidly.  Word is that tomorrow morning, a new
version of the exploit for (PSP 1.5 firmware) will be released by
the same developers of the initial 1.5 exploit, that will eliminate
the memory stick swapping requirement.  

If true -- and this seems likely given the track record -- this will
pretty much be the whole ball game as far as Sony is concerned.
Such a simple, practical execution exploit will open the homebrew
development floodgates (full-featured Web browsers, Linux, etc.), 
and likely the piracy floodgates as well.  

Sony will do their best to stem the tide.  Future shipments of the
hardware will presumably include later firmware releases more
resistant to this approach (e.g., the 1.51 and 1.52 versions which
have not been hacked -- so far at least).  New official game releases
will likely force installation of more secure firmware.  

But even if the exploits remain limited to the already large number
of PSP units currently in the hands of Japanese and U.S. users, the
effects on Sony are likely to be dramatic -- as will be the object
lesson to other firms and technologists at large.

More info tomorrow ...

--Lauren--
Lauren Weinstein
lauren@pfir.org or lauren@vortex.com or lauren@eepi.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR 
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, EEPI 
  - Electronic Entertainment Policy Initiative - http://www.eepi.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
_______________________________________________
EEPI-Discuss mailing list information:
http://lists.eepi.org/mailman/listinfo/eepi-discuss

Prev by Date: [ EEPI-Discuss ] China Offers Rewards for Piracy Tips
Next by Date: [ EEPI-Discuss ] One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga
Previous by thread: [ EEPI-Discuss ] China Offers Rewards for Piracy Tips
Next by thread: [ EEPI-Discuss ] One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga
Index(es):
- Date
- Thread