The vulnerability in the PlayStation 5 could have allowed hackers to access the console system that was already identified and fixed on the PlayStation 4 last year.
“I found it on the PS4 and then two years later on the PS5. It seems like their patch somehow got reverted when doing FreeBSD9 to FreeBSD11 migration,” Andy Nguyen, a security researcher at Google Nguyen told Motherboard, referring to the Linux distribution that manages the PlayStation’s operating system.
Last year, the researcher gave an indication by jailbreaking his PlayStation 5 and tweeting an image of the console’s debug settings, which should only be accessible if the console is jailbroken.
Jailbreaking a console system allows customers to install emulators for other consoles, play pirated games, as well as unlock hidden features. The flip side of the coin is that Sony may block a jailbroken console from utilizing network features, blocking the user from playing online games.
Earlier this year in January, Andy reported the vulnerability to Sony and wrote that he discovered an identical bug in 2020, “when the PS5 did not yet exist, thus this should be considered as a new report and not a duplicate.”
The vulnerability led the researcher to gain control of the PlayStation 5’s kernel, the soul of the console’s operating system, which has access to and controls most of its functions. Last week, Sony patched the bug for the PlayStation 5 and rewarded Nguyen with a bounty of $10,000, the same amount as a reward in 2021.
Nguyen explained that the vulnerability he identified was only one of a chain of flaws required to fully jailbreak the PlayStation 5. And as of today, Sony’s new console is fully patched, which also means there are no pirated apps or emulators like there are for the PlayStation 4, for which there is a public jailbreak.
Earlier this month, another security researcher discovered the security bug to jailbreak the PS4 and the PS5 by exploiting the official PS2 emulator that Sony offered for its two most recent consoles.
“By hacking the official PS2 emulator he could run unofficial apps, other emulators, and “even some pirated commercial PS4 games. One of the advantages of exploiting the PS2 emulator is that Sony cannot patch it,” CTurt explained in a blog post. “Because the emulator is bundled as a game, not part of the OS, Sony has no readily available options to revoke access to it.”
Read the full article here