Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Update: Sony PSP Exploit Apparently Confirmed

From: David Farber <dave () farber net>
Date: Wed, 15 Jun 2005 16:15:44 -0400


Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: June 15, 2005 12:05:02 PM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: Update: Sony PSP Exploit Apparently Confirmed
Greetings. It appears that the exploit for Sony's PSP that I described in: 

http://www.eepi.org/archives/eepi-discuss/msg00099.html

was released as "advertised" this morning and has already been
tested by many users around the world.  Reports indicate that it
provides the functionality previously discussed, and it has been
confirmed that it will not run on PSP firmware later than the 1.5
version.  All but the earliest (firmware 1.0) PSP units in Japan,
and all U.S. units, have so far been shipped at firmware level 1.5.
Sony has recently released firmware versions 1.51 and 1.52, which
block the exploit, that some users have already flashed to their
units via Web downloads.

While the exploit apparently works, it is not by itself a terribly
practical long-term procedure, since it involves the rapid swapping
of memory sticks during the startup of each unsigned application.

However, the camel's nose is now in the tent, and the exploit, by
allowing the execution of arbitrary unsigned code (including
the ability to reflash the unit's firmware), will likely lead *very*
rapidly to more "user-friendly" and far-reaching exploitations and
homebrew applications.

So Sony is indeed faced with a problem -- and perhaps an
opportunity -- depending upon how they react to these developments.

--Lauren--
Lauren Weinstein
lauren () pfir org or lauren () vortex com or lauren () eepi org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
  - People For Internet Responsibility - http://www.pfir.org
Co-Founder, EEPI
  - Electronic Entertainment Policy Initiative - http://www.eepi.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: