Hackers attending the GeekPwn conference in Shanghai have revealed a new exploit for PlayStation 4 running on the 4.01 firmware. In a live demo you can see below, once again the Webkit browser is utilised in order to inject the exploit, which - after a conspicuous cut in the edit - jumps to a command line prompt, after which Linux is booted. NES emulation hilarity courtesy of Super Mario Bros duly follows.

Assuming the hack is authentic - and showcasing it at GeekPwn makes the odds here likely - it's the first time we've seen the PlayStation 4's system software security compromised since previous holes in the older 1.76 firmware came to light, utilised by noted hacker group fail0verflow in the first PS4 Linux demo, shown in January this year.

The hack is also significant in that firmware 4.01 - or a prior version - is likely to be installed on the upcoming PlayStation 4 Pro, and the close compatibility and identical operating system used by the new hardware also makes that vulnerable to the same exploits. What is troubling about these Webkit exploits that periodically appear for PS4 is that they are granting full kernel access to the hardware, required in order to run Linux.

It's a bit wacky for sure, and there are no English subtitles, but this does indeed appear to show Linux running on a PS4 running the 4.01 system software.

A PlayStation 4 port of Linux has been publicly available for ten months now, but its usefulness to owners of the console has been limited since Sony has done a pretty good job of closing up exploits as soon as they are discovered and older consoles with vulnerable firmware updates are rare to the point of non-existence. That's a good thing in one respect, as piracy would inevitably follow at some point. However, running a full desktop OS on the console could be rather interesting.

"Linux on the PS4 actually makes a lot of sense, more than it ever did on any previous game console," fail0verflow stated back in January after their demo. "It's close enough to a PC that getting 3D acceleration working, while rather painful (as we've learned), seems entirely possible without undue amounts of effort (in a timeframe of months, not years), to the level needed for real indie games and even AAA titles, not just homebrew. And many thousands of indie and AAA games already run on Linux. Yes, SteamOS on the PS4 should 'just work' once the driver issues are sorted out."

In terms of a release for the 4.01 exploit, we wouldn't hold our breath there. The group behind the video - Chaitin.cn - appears to be a legitimate Beijing-based company that specialises in internet security, and that may explain the sudden release of firmware 4.05 for PlayStation 4 in the wake of the group's demo at GeekPwn earlier this week.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.

Jump to comments (54)

About the author

Richard Leadbetter

Richard Leadbetter

Technology Editor, Digital Foundry

Rich has been a games journalist since the days of 16-bit and specialises in technical analysis. He's commonly known around Eurogamer as the Blacksmith of the Future.

More articles by Richard Leadbetter

Comments (54)

Hide low-scoring comments
Order
Threading

Related

Like what we do at Digital Foundry? Support us!

Subscribe for only $5 and get access to our entire library of 4K videos.