Ripples in the Pool: The Long-Term Implications of the PS3 Hack
By now, every single person on the internet is well aware of the release of the PlayStation 3′s root keys. The guy responsible, George Hotz (aka Geohot), is the same fellow who brought us the jail break for iPhone.
“What’s the big deal?” some people might ask. To answer that, it’s necessary for us to first explain what a root key is. At its most basic, a root key is a specific string of characters used to authenticate all PS3 software as being produced by Sony. If a piece of software doesn’t have the root key, your PS3 knows it isn’t legit. The release of this key, the very core of the PS3′s security, is a devastating blow to Sony, and one that could spell the end of the platform as a whole.
I can hear the supporters of this guy out there right now, screaming, “This doesn’t even let people run pirated games!” While that may or not be true (I certainly haven’t tested it), no one can argue that this places the tools for pirating, hacking, and all sorts of other nefarious activities into the hands of those who have been longing to do exactly that. As I have said before, it’s like giving a heroin addict a box of needles and a pound of smack and asking him not to use any. It just ain’t gonna happen. Every time a console has had its protection cracked, piracy has been the result.
Yeah, I see you waving your hand. You’re saying that this doesn’t hurt anything, it’s just allowing people to use their consoles however they want, which is part of ownership, right? Sony should never have removed OtherOS, right? Forget for a minute that the only reason it was removed was that people were attempting to use that functionality to bypass the console’s security, and riddle me this, Batman: Which right of ownership allows you to destroy the integrity of Sony’s online service?
Reports are pouring in that the PS3 version of Modern Warfare 2 is overrun with hackers and exploiters. Already we’ve seen Robert Bowling of Infinity Ward say that, “Games rely on the security of the encryption on the platforms they’re played on, therefore; updates to the game through patches will not resolve this problem, unless the security exploit itself is resolved on the platform.” Basically, he’s putting it on Sony’s head, and quite rightfully so. No matter what Infinity Ward might do, the PS3 sees these hacks as legitimate software (because they’ve got the proper root key), so it will continue to run them.
If you’re playing Modern Warfare 2, you can expect to see folks using aimbots and wallhacks out there. You will likely also see folks altering clan tags, unlocking content, and doing just about anything else they want to. Now, get this: It isn’t just MW2 that’s affected. It’s every single game on the console. Sony has pledged to fix this, but there seems to be general disagreement on whether or not they can close this hole through firmware upgrades.
Furthermore, it’s still up in the air whether or not Sony can permanently remove these lovely folks from PSN. There are hacks out there (we won’t be linking to them) that allow the console’s ID to be changed. While Sony appears to use a whitelist method to validate PSIDs, if an unscrupulous individual gained access to a list of valid PSIDs, he could be virtually unstoppable for Sony, unless they devise an additional check that will block the console’s access.
While all of these things are being discussed around the web, there’s one thing no one seems to have thought of yet: the future implications of this action. You see, consoles and videogame systems have been a fairly secure platform to play games on for a while. Sure, there are consoles floating around with mod chips in them, but those historically have been a fairly small number, and they don’t affect anyone other than the console owner. If you torrent an XBox 360 game and play it, you’re stealing from the game developer, but you’re not going online and ruining the game that everyone else actually paid for.
Now, Sony is looking at a situation where their flagship console could be rendered all but useless for online play. Speculation is that they would need to issue a recall to replace hardware in every single system. Not only is it a logistics nightmare, but the cost of it would be staggering. More importantly, it might not even be effective. After all, there is a ton of software already out there that is imprinted with the existing root key, and that all has to work, too. You can bet that they are already planning for their next console, and now the security on it is going to be more robust than anything we’ve ever seen.
We don’t pretend to have any knowledge of anything Sony is working on, but I wouldn’t be surprised to see copy protections requiring at least regular online authentications of software. Perhaps you’ll have to be connected to the internet to play your console games. Maybe something even worse that I can’t think of right now. Remember, once you get burned, you tend to overprotect against getting burned a second time.
So this little incident will have some far-reaching repercussions. Don’t think that Microsoft isn’t watching this closely while they scramble in their security department to make sure it doesn’t happen to them as well. It seems small, but this sort of incident could shape the next generation of consoles. Scary, huh?
Let’s hope it’s not as bad as all that. Let’s hope that Sony can close up the security holes generated by this devastating hack. If not, let’s at least agree that when the PlayStation 4 with Gestapo-like security is released, we won’t complain to Sony about it. Instead, we can send all the complaint emails to Mr. Hotz. After all, he worked hard to earn them.