They have discovered the encryption keys used by the PS3 that verifies if program code is allowed to run on the system. With these keys they can "sign" any code they want and have it execute on the PS3. No mods or hacks will be needed since the code will be signed with a legitimate key. This means that every PS3 on the market will be able to run homebrew or pirated software with no system modifications or other usb dongle trickery since the PS3 will see it as legitimate authorized code. This opens the door to custom firmware, Linux with no hypervisor restrictions and a host of other uses.
According to what I have read, this security flaw is unpatchable. The only way for Sony to fix this is to revoke the encryption key. That however, would have the unfortunate side effect of rendering every piece of software on the market unplayable.
As a side note, while they were digging around and finding the keys to the PS3, they found the encryption keys to the PSP as well. The security on both of Sony's systems has been rendered moot.
|