After its great milestones against the security measures of the Nintendo Switch, or the previous Sony PS3 and PS4 consoles, the well-known group of hackers fail0verflow has managed to find a vulnerability in the new PS5, managing to extract all the root keys of the new generation console.
As the hacker group shared on Twitter, “Another one bites the dust”, along with a screenshot of the latest decrypted PS5 firmware, as proof that they have managed to extract the keys from Sony’s latest console. However, the process to achieve this milestone has not been easy at all, but it will undoubtedly be rewarded. And it is that as confirmed by the group itself, it seems that these keys are symmetric, so they allow both encryption and decryption of the console code, granting full access to it.
Another one bites the dust 😎 pic.twitter.com/Y1ty93AvaE
– fail0verflow (@ fail0verflow) November 8, 2021
Regarding the specific method used to have subtracted these keys, it still remains a secret. A step ahead of many other leakers, fail0verflow has always been known for its great secrecy, something that has allowed them to keep their secrets to avoid the consequent security updates, usually giving them a significant advantage even with their milestones announced.
Thus, this implies that, beyond the announcement that the PS5 has been officially hacked, we should not wait for the group to publish its keys.
What does it mean to leak PS5 root keys?
These keys allow decryption of console files, including firmware. That makes reverse engineering possible, a process that opens the door to finding exploits, enabling homebrew, and even developing custom firmwares. It should also be possible to dump (dump) games, something that has not been done so far.
In fact, it is little coincidence that, almost parallel to this announcement, Andy Nguyen, another acquaintance of the scene under his pseudonym “theflow0” on Twitter, has also managed to run a similar console exploit on the console. through the discovery of a special Debug Settings option hidden.
– Andy Nguyen (@ theflow0) November 7, 2021
While for the moment Nguyen has also not wanted to share how he has managed to access this option, it is certainly clear that the PS5 has a significant security vulnerability. So, like fail0verflow, Nguyen has already indicated that he has no plans to release it.
Without having issued any kind of official statement, it now remains to be seen if Sony will resort to methods of the past to try to solve this problem, with antecedents such as paying $ 10,000 to the Google engineer for the discovery of an exploit in firmware 7.02 of the PS4.