Deep Insecurity

PS3's security failure marks an unhappy new year for Sony and raises questions for every console maker.

Published as part of our sister-site GamesIndustry.biz's widely-read weekly newsletter, the GamesIndustry.biz Editorial, is a weekly dissection of an issue weighing on the minds of the people at the top of the games business. It appears on Eurogamer after it goes out to GI.biz newsletter subscribers.

It's hard to imagine a more unpleasant start to 2011 for Sony than the revelation which greeted the games industry as it returned to work this week. The PlayStation 3, considered since its launch to be one of the most secure consoles ever constructed, appears to have had its security systems blown wide open by a group of dedicated hackers.

Huge flaws in the software which is designed to prevent the copying of PS3 games or the execution of unauthorised code have been revealed, and the consensus among those familiar with the hardware is that - assuming the hackers have accomplished what they claim, and they've given no reason to doubt them thus far - Sony's machine is now practically wide open.

The spectre which looms over the PS3 in 2011, then, is one of an arms race with hackers. The team responsible for the current hack, Fail0verflow, professes to be firmly anti-piracy and interested only in giving consumers the right to execute whatever code they choose on hardware they have bought - a common ideal of the technologically minded. Other groups, of course, will use the knowledge Fail0verflow have released in far less scrupulous ways.

The biggest headache for Sony, however, lies in the fact that what has been exposed is such a fundamental security problem that it has actually handed hackers the private keys used to sign code to run on the PS3. For those unfamiliar with this kind of security, the bottom line is that those keys should never, ever fall into outside hands - they will allow programmers to write any code they like, including custom firmware, which the PS3 will run just as happily as if it had originated from within Sony itself. Moreover, those keys can't simply be revoked by a firmware upgrade or even a new version of the console, because every piece of software released for the PS3 thus far relies on them to operate.

Recriminations will inevitably fly over the hack itself. Plenty of people are already lining up to condemn the hackers who revealed the security flaw, which seems like fairly misdirected anger - investigating and uncovering security problems is a key part of the process which makes security better down the line, and bluntly, it's far better that this kind of issue be revealed by a "white hat" (that is to say, non-destructive and moral) group of hackers than for it to be found and exploited by "black hat" (destructive, profiteering or outright malicious) hackers.

Others are, rather more justifiably, angry with Sony. The problem revealed by the hackers was a pretty basic one - a signing algorithm which needs to be fed a fresh random number every time it signs something, in order to produce cryptographically secure output, was instead being given the same number every single time code was signed, which made it easy for the hackers to reverse-engineer the maths and spit out the all-important private key. That's an amateur-level mistake, and while plenty of blame will no doubt be apportioned within Sony for the error, the rest of the industry can quite reasonably ask why processes to catch this kind of problem either weren't in place, or didn't work.

Because it is, after all, the rest of the industry that will suffer the greatest impact from this security failure. The hackers who follow in Fail0verflow's footsteps and create custom firmware to run pirated games, emulators and so on will be targeting Sony's hardware, but it's third-party publishers and developers who have most right to be outraged. The licence fee they pay to Sony for every piece of software they sell is, in many respects, a fee for security - the price of selling software on a platform where piracy is difficult or damn-near impossible. Now that has been taken away from them, with the PS3 looking set to become the easiest platform to pirate software for - easier even than the Wii, DS or PSP, all notorious piracy targets but all of which require some degree of technical knowledge to get pirated software working.

In Sony's defence, it's worth noting that the PS3 managed to retain its security for far, far longer than any other console in recent memory. Until the launch of the "PS3 Jailbreak" last summer - which was rapidly neutered by firmware updates - the console's defences remained unbroken. Even in the wake of the apparently catastrophic security breach of the past week, that represents an excellent record.

It's worth asking, however, why exactly that security remained in place for so long. The hackers at Fail0verflow have a simple explanation - at launch, the PS3 catered to hackers and hobbyists by allowing them to run the Linux operating system through the OtherOS functionality. Even though this wasn't something which large numbers of consumers exploited, it was enough to satisfy the small number of people who wanted the ability to use their hardware in this way. More importantly, Fail0verflow argue that it also kept the PS3's security off the hacker radar, since there was almost no legitimate reason for them to break into the console.

Taking a cynical - or perhaps realistic - standpoint, these arguments seem a little over-simplified and idealistic. There's no question but that plenty of people were attempting to break the PS3's security systems long before the ability to run Linux was removed by Sony. Mod chips and other such hacks are, after all, a big business as much as they are a hobbyist enterprise, and a great many people who work on cracking security are motivated by money, not by idealism.

On one front, however, it's hard to argue with Fail0verflow's logic. Sony's removal of Linux support from the PS3 Slim and subsequent deletion of OtherOS functionality from the original PS3's firmware was seen as a red flag to a bull within the hacker community, and activity on cracking the console's security unquestionably intensified in the wake of those actions. Many hackers who had never contemplated investigating Sony's security systems and probably never even used PS3 Linux were incensed - here was a system which provably had a working version of Linux, but which had been prevented from running it. This is exactly the kind of challenge which the hacker mindset relishes.

As a consequence, it's quite likely that more talented hacker groups, who had previously ignored the PS3, became interested in the problem. It seems that there's a two-tier system in place in the hacking community - there are the seriously clever, inventive people who investigate security systems and uncover their flaws, and then there are those who take those flaws and build products (mod chips, firmwares and so on) which exploit them for the purposes of piracy. While Sony maintained Linux on the PS3, those in the former group steered clear, for the most part - and those in the latter group simply weren't talented or knowledgeable enough to crack the security on the console.

There are other factors at play here as well, of course - and it's worth recalling that Sony originally removed Linux from the platform's firmware after exploits posted by famed iPhone hacker George Hotz suggested that OtherOS could be a viable vector for hackers attacking the system. However, the timing is hard to ignore - and it raises some interesting questions for securing future consoles.

OtherOS functionality seemed like a lame duck on the PS3 - it was relatively tricky to set up and used by a tiny, tiny fraction of the console's user-base, who were also likely to be the kind of people who bought the hardware and never purchased games for it, making them a net loss to Sony. However, we must now ask whether what Sony actually bought for itself with OtherOS functionality was the goodwill of the hacker community - a four-year grace period without piracy.

Much of what I wrote about Sony in 2010 focused on the transition inside the company as the firm learned from the mistakes and excesses of the engineering-led Ken Kutaragi era and shifted its focus to being software-led and developer-friendly. That's a change which is still underway, and is still a net positive - but perhaps the dropping of OtherOS, a Kutaragi-era feature if ever there was one, was a major misstep during the process. If engineers understand one thing, it's the engineering, "hacker" mindset - and OtherOS' function, in the end, may have been to satisfy that mindset.

Other console makers, as well as Sony itself, could do well to watch and learn. If providing a sufficiently expansive walled garden for hackers to play with - and a somewhat limited and closely monitored version of Linux seemed to do the trick nicely - can actually ward off piracy for several years, is it not a reasonable price to pay? If the hackers who are actually skilled enough to break this kind of complex security are really interested in open hardware rather than piracy, doesn't it make sense to stop treating this as a war, and try to meet them halfway? As Sony faces the stark prospect of a 2011 with the PS3 utterly bereft of security, these are questions every hardware manufacturer ought to be asking.

If you work in the games industry and want more views, and up-to-date news relevant to your business, read our sister website GamesIndustry.biz, where you can find this weekly editorial column as soon as it is posted.
