[IP] Update: Sony PSP Exploit Apparently Confirmed
Begin forwarded message:
From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: June 15, 2005 12:05:02 PM EDT
To: dave@xxxxxxxxxx
Cc: lauren@xxxxxxxxxx
Subject: Update: Sony PSP Exploit Apparently Confirmed
Greetings. It appears that the exploit for Sony's PSP that I
described in:
http://www.eepi.org/archives/eepi-discuss/msg00099.html
was released as "advertised" this morning and has already been
tested by many users around the world. Reports indicate that it
provides the functionality previously discussed, and it has been
confirmed that it will not run on PSP firmware later than the 1.5
version. All but the earliest (firmware 1.0) PSP units in Japan,
and all U.S. units, have so far been shipped at firmware level 1.5.
Sony has recently released firmware versions 1.51 and 1.52, which
block the exploit, that some users have already flashed to their
units via Web downloads.
While the exploit apparently works, it is not by itself a terribly
practical long-term procedure, since it involves the rapid swapping
of memory sticks during the startup of each unsigned application.
However, the camel's nose is now in the tent, and the exploit, by
allowing the execution of arbitrary unsigned code (including
the ability to reflash the unit's firmware), will likely lead *very*
rapidly to more "user-friendly" and far-reaching exploitations and
homebrew applications.
So Sony is indeed faced with a problem -- and perhaps an
opportunity -- depending upon how they react to these developments.
--Lauren--
Lauren Weinstein
lauren@xxxxxxxx or lauren@xxxxxxxxxx or lauren@xxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, EEPI
- Electronic Entertainment Policy Initiative - http://www.eepi.org
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/