PlayStation 3 hackers have been hit with a lawsuit from Sony for publishing details of how to bypass the security features on its game console.
Sony claims that disclosing this information has caused "irreparable injury and damage" to the company because it now allows people to run pirated games on the PS3.
The PS3 was once considered invulnerable and the most secure games console ever built. It was the only one to have consistently withstood hacking attempts. But in December 2010 at the Chaos Communication Conference in Berlin a group of European programmers calling themselves fail0verflow revealed they had finally broken specific lower levels of the PS3's encryption system that let them run their own programs on the console.
Shortly after this, George Hotz, a US-based hacker known as geohot, who gained notoriety in 2007 for unlocking Apple's iPhone, built on fail0verflow's method to gain complete access to the PS3 by obtaining the master encryption key.
Crucially, Hotz then published a decryptor key for Sony's master key and released "jailbreak" software to allow others to run unauthorised programs and pirated games on their PS3. The hack comes as a huge blow to Sony, which produces and licences its own video games for the console.
Every file that is authorised to work on a PS3 uses a digital signature that is generated by Sony using a pair of keys, one of which is created by the firm, while the other, the "root" key, is encrypted within the console itself. By discovering this root key, Hotz was able to trick the PS3 into applying Sony signatures to any file, allowing unauthorised programs to be run on the system.
Both fail0verflow and Hotz maintain that their only motivation is to run their own "homebrew" software and games on the PS3 hardware. "I do not support piracy or counterfeiting," Hotz told New Scientist.
But in Sony's motion for a temporary restraining order it claims that publishing the methods and keys encourages piracy and violates the user agreement. "Indeed, in the last few days people have already started copying, playing and trafficking in pirated copies of video games," it reads.
"I am a firm believer in digital rights," says Hotz. "I would expect a company that prides itself on intellectual property to be well versed in the provisions of the law, so I am disappointed in Sony's current action. I have spoken with legal counsel and I feel comfortable that Sony's action against me doesn't have any basis."
Marcia Hofmann, an attorney with the Electronic Freedom Frontier in San Francisco, agrees. "The internet is a place where freedom of speech is protected," she says. And code counts as speech. Hardware is protected against hacking under US law. "But the law also contains an exclusion for reverse engineering where it is done to make a system interoperable with other systems," says Hofmann.
Sony's complaint also draws upon the US Computer Fraud and Abuse Act, arguing that the company still has some form of ownership of the console. "They are suggesting that if you access your own computer in a way that Sony doesn't like then you are committing a felony," says Hofmann. "That's a completely ridiculous scenario." And one that has already been unsuccessfully argued in court, she says.
Regardless of what happens with the lawsuit, it will be impossible for Sony to put this genie back in the bottle. Not just because the encryption keys are now widely available (not just on the internet but also on T-shirts and coffee mugs) but also because, according to fail0verflow and Hotz, no amount of software updates or patches can secure the PS3 against this sort of hack. Sony's only option, the hackers claim, is to change the hardware with an entirely new encryption system.
Taken from newscientist.com
