Sony is about to have a new headache to ring in the new year. A team of developers made good on a promise to drop a new exploit for the PlayStation 4, and it’s a doozie. Specter and Team Fail0verflow have revealed a flaw in kernel v4.05 for the PS4, which allows for the running of arbitrary code. This opens up the PS4 to homebrew software as well as easier game piracy.
Game consoles are some of the most notoriously locked-down devices in our homes thanks to a combination of custom hardware and heavily modified software. Companies take a dim view of attempts to hack their game consoles, even going so far as to launch legal action against those who would seek to experiment with “jailbreaks” for a console. In fact, Sony took famed developer George Hotz to court over his PS3 jailbreak in 2011. That case ended with Hotz promising not to hack Sony hardware anymore, as well as plenty of bad press for Sony.
Early in the PS4’s life cycle, Team Fail0verflow managed to get Linux up and running on the hardware, but the latest development is potentially more powerful. Specter and Team Fail0verflow teased the “namedobj” PS4 exploit several weeks ago, and now it’s available on GitHub. Perhaps as a way to deflect Sony’s legal team, the developers have not included the necessary tools to run homebrew software or jailbreak the device. However, as a kernel exploit, it allows modders to run any arbitrary code on the machine by listening for a payload via port 9020.
Hope everyone had a Merry Christmas! Here’s the 4.05 kernel exploit, fully implemented. Enjoy! Write-up coming soon! https://t.co/MQR0lzCu9Y
— Specter (@SpecterDev) December 27, 2017
Even without the jailbreaking mechanisms in this release, it’s only a matter of time before someone develops one that can be executed with the help of namedobj. It’s not only modders and pirates who will be digging into the open source code. Sony too will be taking a close look at namedobj in order to patch the system. You can’t really blame Sony — in addition to being a jailbreak, namedobj is a huge security hole. Many of the tools enthusiasts rely upon to modify their devices also compromise security. A kernel exploit that runs arbitrary code could be used to hack someone’s console without their consent and steal data.
If you’re not interested in jailbreaking your console, Sony will probably patch the hole sooner rather than later. If you do want to jailbreak, you’re going to need to find a way to block future system updates.