Time Table

Game consoles are among the most locked-down consumer devices on the market. There is also much interest in trying to defeat these protections. To combat this, console manufacturers invest heavily in security and offer monetary rewards for disclosing vulnerabilities.

In this talk, I will show how I broke the TLS network encryption of the PlayStation consoles and claimed the highest available reward, $50’000, for critical vulnerabilities in the consoles. This also caused Sony to push a forced update on all PlayStation consoles globally.

This vulnerability allows an attacker to silently decrypt the PlayStation network traffic to steal sensitive user information or access game data such as enemy locations. The traffic can also be modified to give an unfair advantage in online games or target the console with further attacks.

Vulnerabilities in TLS implementations are especially dangerous as it is usually the only layer of protection for network communication and is relied on everywhere. Proper security testing has also been hard without suitable tools. Last year, I released a tool called “certmitm” that I used to find this and hundreds of other vulnerabilities. With certmitm, security testing TLS implementations against common vulnerabilities is effortless, and it is a must-have tool for network penetration testing. Game consoles are among the most locked-down consumer devices on the market. There is also much interest in trying to defeat these protections. To combat this, console manufacturers invest heavily in security and offer monetary rewards for disclosing vulnerabilities.

In this talk, I will show how I broke the TLS network encryption of the PlayStation consoles and claimed the highest available reward, $50’000, for critical vulnerabilities in the consoles. This also caused Sony to push a forced update on all PlayStation consoles globally.

This vulnerability allows an attacker to silently decrypt the PlayStation network traffic to steal sensitive user information or access game data such as enemy locations. The traffic can also be modified to give an unfair advantage in online games or target the console with further attacks.

Vulnerabilities in TLS implementations are especially dangerous as it is usually the only layer of protection for network communication and is relied on everywhere. Proper security testing has also been hard without suitable tools. Last year, I released a tool called “certmitm” that I used to find this and hundreds of other vulnerabilities. With certmitm, security testing TLS implementations against common vulnerabilities is effortless, and it is a must-have tool for network penetration testing.