Major privacy and security concerns raised about PSN

Did you think the Gawker security breach was a disaster because it affected almost 1.5 million people? You might want to rethink the use of the word disaster when applying it to security breaches, because Sony’s PlayStation Network is claiming to have over 69 million accounts as of January 25th. Now, before you go off panicking, you should know that there hasn’t been a security breach of the PSN…yet. A couple of weeks ago an anonymous but apparently well-known hacker released a report under the moniker “The Anonymous Data Protection Officers” revealing that not only does Sony use the PSN as a form of spyware that gathers information about everything your PlayStation 3 is connected to, but all information transferred over the PSN is only protected by basic security measures. So how much info was this hacker able to decrypt? Ten percent? Fifty percent? Try one hundred percent: all PSN functions transferred over the PSN were decrypted.

It’s nothing new for an online service to gather information about your system; in fact it is stated in the PSN’s terms of service that it does this. The hacker report reveals that Sony gathers info on virtually everything your PS3 has been connected to or has access to. That includes information on your TV set and model, information on USB devices connected to the PS3, installed apps, movies you’ve watched, and even information regarding your home WiFi network. Now most services that do gather information like this state that they do this anonymously, so you have nothing to worry about, right?

Such sensitive data can now be captured by anyone who builds his own custom firmware with custom certificates. There are enough n00b-friendly tools by now. This means little script kiddies can spread their little CFWs and phish user data. As many of these people are using a third-party DNS, they are potential victims of phishing.

This sensitive data happens to be credit card information and account information which is transferred along with those other statistics the PSN gathers. To make matters worse, all the information is unencrypted. The report details how the security measures employed by Sony on the PSN are not only outdated, but easily circumvented. Another interesting tidbit is that when the PSN first launched, information was transferred over good old HTTP, meaning no security measures were in place…at all.

Sony has not acknowledged or responded to this report as they’re too busy trying to sue people into oblivion for jailbreaking their device. At least we now know where the next big “Gawker” will happen. Hit the source to read the full PDF of the report.


Source: PS3Crunch
