The answer, at least according to one hacker, is that Sony collects a lot of data about users when they log into the PlayStation Network. Even worse than the volume of data collected — which is all automatically transferred to Sony when your PS3 connects to your WiFi network — is the way it is transmitted: in plain-text, with absolutely zero encryption.
“Sony is the biggest spy ever… they collect so much data. All connected devices return values sent to Sony’s servers,” the hacker said. According to him, Sony knows literally everything about your PlayStation 3, including which controllers you’re using, what USB devices are plugged in, what television is hooked up to it, everything.
Most alarming? This is the way Sony transmits your credit card information for every purchase:
creditCard.paymentMethodId=VISA&creditCard.holderName=Max&creditCard.cardNumber=45581234567812345678&creditCard.expireYear=2012&creditCard.expireMonth=2&creditCard.securityCode=214&creditCard.address.address1=example street%2024%20&creditCard.address.city=city1%20&creditCard.address.province=abc%20&creditCard.That’s not unencrypted. That’s literally how the PS3 transmits your credit card information to its servers. That means that if you’re on an uncompromised network, literally anyone can pluck your credit card information from the air and use it for whatever he wants.
The hacker also states that the reason Sony is going on the offense when it comes to the PlayStation Network is because the release of the PS3 master key now makes it possible for anyone with a hacked PS3 to download as much content from the PSN Store as they want, all for free.
Perhaps this explains why Sony has been going to such lengths to sue, silence or hide all details of the PS3 jailbreak: they know their system is a security liability and now that it’s been blown wide open, they fear massive fraud and class-action lawsuits from the defrauded.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.