Hackers recently claimed to have found the Boot ROM keys for the Sony PlayStation 5 (PS5). But even worse for Sony? Those keys have been leaked online.
What makes this serious is that these PS5 ROM keys are not just some kernel exploit that Sony could easily patch with a firmware update. These are keys at the root level, Level Zero, and they enable decryption for bootloading, which then could allow hackers to choose and control the software they want to run on the console.
Basically, they’re the keys to the city gates, and these hackers now own them.
To explain how the PS5 ROM keys work, modern consoles technically use a security concept called a “Chain of Trust”. The following is a step-by-step explanation:
- Power On: The console receives power.
- BootROM (Level 0): The CPU runs code burned into it at the factory. This code is immutable (cannot be changed). It uses the ROM Keys to verify the signature of the next loader.
- Bootloader (Level 1): If verified, the BootROM loads the Bootloader.
- Kernel: The Bootloader loads the OS Kernel.
- Game/App: The Kernel loads your game.
Having access to the Level 0 ROM keys means that hackers can easily decrypt and change the Level 1 bootloader, even study how Sony’s PS5 security works, all at a bare metal level, because it removes the “black box” aspect of the console’s security. Worse, and as mentioned earlier, it would be damn near impossible for Sony to patch this up, allowing piracy on the console to run rampant.
Piracy on Sony’s PlayStation console is a tale as old as time, but hacking the console really began all the way back in 2010 and 2011, with the infamous fail0verflow hack, when Sony made the blunder of using the same random cryptographic numbers for signing.
The PS4 remained relatively safe, with Sony having learned its lesson and beefing up console security. It remains to be seen how this new PS5 ROM Key issue will play out.
(Source: The Cybersec Guru, Hot Hardware)
