
White-hat hacker received $20,000 for discovering five vulnerabilities in current PlayStation 4/5 firmware

On June 10, 2022, white-hat hacker Andy Nguyen received $20,000 on the HackerOne platform for discovering five vulnerabilities in the current firmware of the PlayStation 4 and PlayStation 5 consoles as part of Sony's bug bounty program. Three of the vulnerabilities were rated medium severity and two were rated high. The researcher also created an exploit chain (in C) for executing arbitrary code, which runs on standard firmware versions of PS4 and PS5 consoles.

On HackerOne, Nguyen described how, on PS4 and PS5, an exploit chain using JIT compilation (a specially prepared ISO file is burned to a disc and inserted into the console) can trigger a buffer overflow that causes a kernel panic and gives access to the kernel. Arbitrary code can then be run on the system regardless of the firmware (the tests were on version 9.0), without separately bypassing the console's security system. Theoretically, this method could be used to run pirated games on PS4 and PS5 without jailbreaking the system.

Previously, Nguyen received two $10,000 rewards from Sony for finding other vulnerabilities.

In June 2020, Sony launched a bug bounty program for the PlayStation 4 (the PlayStation Bug Bounty Program) together with the HackerOne platform. Researchers can receive from $100 to $50,000 and even more for finding vulnerabilities in Sony products, including the PlayStation 4 game console and its operating system, as well as the PlayStation Network with the company's numerous gaming and payment service sites. At the end of 2021, the program was expanded to cover vulnerabilities in the PlayStation 5. Since the start of the program, Sony has paid researchers $475,000.

The PlayStation 4 game console entered the market in 2013. In nine years, more than 120 million PlayStation 4s and more than 1.2 billion copies of games for this console have been sold worldwide. Subscriptions to PlayStation 4 games still bring Sony the bulk of the profits. In 2022, Sony decided to continue with the PlayStation 4.

The PlayStation 5 console was released in November 2020 and immediately became a sales hit. Due to a shortage in the semiconductor market and supply chain problems, Sony cannot increase production of the PlayStation 5. The company simply cannot buy the necessary components: no one has them in stock, and they are available only on order with long delivery times.

Michael Zippo
2022/06/12

https://linkedin.com/in/michael-zippo-9136441b1

Sources: Python.Engineering, hackerone.com
