CODE BLUE 2024

Defeating PlayStation 5 network encryption

DAY 1

12:50-13:30

Game consoles are among the most locked-down consumer devices on the market. There is also much interest in trying to defeat these protections. To combat this, console manufacturers invest heavily in security and offer monetary rewards for disclosing vulnerabilities.

In this talk, I will show how I broke the TLS network encryption of the PlayStation consoles and claimed the highest available reward, $50’000, for critical vulnerabilities in the consoles. This also caused Sony to push a forced update on all PlayStation consoles globally.

This vulnerability allows an attacker to silently decrypt the PlayStation network traffic to steal sensitive user information or access game data such as enemy locations. The traffic can also be modified to give an unfair advantage in online games or target the console with further attacks.

Vulnerabilities in TLS implementations are especially dangerous as TLS is usually the only layer of protection for network communication and is relied on everywhere. Proper security testing has also been hard without suitable tools. Last year, I released a tool called “certmitm” that I used to find this and hundreds of other vulnerabilities. With certmitm, security testing TLS implementations against common vulnerabilities is effortless, and it is a must-have tool for network penetration testing.

  • Location: Track 1 (HALL B)

  • Category: Technical

Speakers

  • Aapo Oksman (アーポ・オクスマン)

    Aapo Oksman is an entrepreneur and the Founder of Juurin Oy, a boutique company focusing on technical IoT cybersecurity. His background is in electrical engineering, embedded devices, and test automation. Combining his background with a hacking hobby led to a cybersecurity career focusing on industrial IoT. He has spent the past five years consulting on and penetration testing IoT devices and systems.
    Bug bounties and security research keep Aapo motivated and learning. His work in PKI and TLS has resulted in multiple CVEs from vendors like Microsoft, Google, Apple, and Samsung. At DEF CON 31, Aapo released a TLS hacking tool, certmitm, that has proven its worth in finding insecure TLS implementations, with new vulnerabilities found constantly.
    Outside work and research, Aapo's passion is in the community. He organizes local security meetups and coaches the Finnish national youth CTF team in the yearly European Cybersecurity Challenge competition.