PlayStation 3 Exploit Leaves Console Open to Hackers


By Mark Brown, Wired UK

Presenting at the 27th Chaos Communication Conference in Berlin, members of renowned hacking group fail0verflow took to the stage to announce that the PlayStation 3’s internal security has been completely overthrown. Hackers now have the same tools as console manufacturer Sony to decide what software can be run on the device.

The games console, which has so far been largely resilient to hacking attempts, uses a tightly guarded encryption system to make sure only games, downloads and software updates signed by Sony will actually run. Each piece of code must present a signature, created by a mathematical formula, to pass that check.

But now, the team is in possession of those encryption keys. And you are too, thanks to renowned iPhone hacker George Hotz, who published the codes on his website.

This gives any software maker unbridled access to the PlayStation 3’s innermost workings, laying the console’s architecture bare for coders and hackers to run riot. Pirated games, unsigned applications and even full, hard-coded custom firmwares can be run on the console, and Sony has no way to fix the glaring exploit — outside of releasing brand new hardware with a completely new encryption method.


It leaves the PlayStation 3, once a resilient and well-fortified gadget, as possibly the most vulnerable home console currently on the market — even more open to exploitation than the Xbox 360 and Wii, which were opened up to piracy and hacking long before Sony’s box.

So what took these hackers so long? Members of the fail0verflow team, a collaboration of hackers and coders best known for cracking the Wii and executing unsigned code on Nintendo’s console, said Sony’s removal of Linux on the console was the impetus they needed to get on and hack it.

Much to the aggravation and chagrin of amateur developers and hackers, Sony removed support for OtherOS (and with it the ability to install the Linux operating system and therefore run unsigned code) in May 2010, and shipped the PS3 Slim in September 2010 with no support for Linux. “By doing this, Sony pissed off the hackers,” a team member stated at the Berlin conference.

Now, it’s up to developers and coders to move on with their own projects, safely in possession of the console’s encryption keys. “We won’t be working long-term on [a custom firmware] or similar,” the team wrote on its official Twitter account. “We’ll release tools and a PoC, someone else can take over. The fun part is done.”

This full exploit comes just months after hackers released a USB device called PSJailbreak Exploit, which let unscrupulous users play hacked or pirated code as long as a special USB dongle was jammed in the console. But it wasn’t without its problems: You had to be stuck on an older firmware, meaning some bang-up-to-date games wouldn’t work, and Sony could easily fight back with software updates.

Those problems should be nonexistent with this new exploit.


Article source: http://www.wired.com/gamelife/2011/01/playstation-3-exploit/

