Report: Sony BMG Arming PS3s With Rootkits in Firmware Update

Sony’s problems began when the root keys for the PlayStation 3 were discovered and posted online. Now, in an effort to fight against jailbreakers, Sony has reportedly been using the latest firmware update to upload rootkit technology on to the game console to spy on gamers and make sure home brew games never make their way on to people’s consoles.

Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes

It seems like 2005 all over again. Back then, Sony wanted to make CDs much more difficult to copy. So, in an effort to curb music piracy of their albums, a decision was made to encode the CDs with the infamous SunnComm/MediaMaxx technology.

Then

The problem was, the rootkits were, at best, highly questionable under law. What the technology did was install a rootkit on to people’s computers. At the time, anti-virus software as well as anti-spyware software were not equipped to detect rootkits. In this case, any file that started with “$SYS$” would be protected by the rootkit and made completely undetectable unless the user had a piece of rootkit detection software. At the time, Blacklight was one well used example. Naturally, when this was discovered in the technology, outrage ensued. If a virus writer wanted to conceal their malware, all they had to do was rename it to “$SYS$(insert whatever here)” and anti-virus software would never be able to touch it.

If that wasn’t bad enough, the technology would also install spyware which would phone home to Sony and tell them what the user is listening to on their computer.

Even some that think copy protection is a necessary component to selling music thought these protections schemes went too far. Sony was litigated in multiple countries and, by 2007, the legal cases brought against the company were settled. Let’s just say Sony wasn’t exactly thrilled when this whole issue blew up at the time.

Now

Fast-forward to today. Earlier this month, a user by the name GeoHot posted the root keys to Sony’s Playstation 3. Sony wasn’t happy about this because games not authorized by Sony can now theoretically be played – including home brew video games or pirated games. Sony demanded that the tools used to find the keys be handed over but GeoHot confirmed that now that the keys are public, the “Cat [is] not going back in the bag”

At this point, there is little Sony can do, or is there? A report on CNet suggests that Sony has been distributing a new firmware update. Some people are reporting that this firmware update contains rootkit technology. The technology would spy on people’s PS3s and make sure gamers are playing authorized games. The report also suggests that Sony has yet to activate this code.

Legal Problems?

If these reports are true, this could spell more legal problems for Sony. The idea that software could be used to spy on gamers raises several legal privacy concerns. It’s unclear whether such technology would even be legal in the US. Canada, though, has much tougher privacy laws, so the chances of such technology being legal at this point is not guaranteed. In fact, privacy concerns were a big problem for Sony in Canada back when they were installing rootkit and spyware technology on music CDs.

It’s really quite stunning that Sony might even consider going down this road again. If Sony wants to attempt this, at the very least, I would think that they would go over privacy laws in every country to make sure they are not breaking any laws. Then again, Sony really only got a wrap on the wrist the last time they wound up pulling a similar stunt.

Drew Wilson on Twitter: @icecube85 and Google+.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: