
The PlayStation Classic's internal USB, removed and picked at as part of the hacking effort. (credit: Yifan Lu / Twitter)

In the days since the PlayStation Classic's official release, hackers have already made great progress in loading other PlayStation games (and even non-PlayStation software) onto the plug-and-play device. What's more, it seems some sloppy cryptography work on Sony's part is key to unlocking the device for other uses.

Console hackers yifanlu and madmonkey1907 were among those who were able to dump the PlayStation Classic's code via the system's UART serial port in the days after its release. From there, as yifanlu laid out on Twitter, the hackers found that the most sensitive parts of the system are signed and encrypted solely using a key that's embedded on the device itself, rather than with the aid of a private key held exclusively by Sony. In essence, Sony distributed the PlayStation Classic with the key to its own software lock hidden in the device itself.

Further examination by yifanlu during a series of marathon, Twitch-streamed hacking sessions found that the PlayStation Classic also doesn't seem to perform any sort of signature check at all for the sensitive bootrom code that's loaded when the system starts up. That makes it relatively trivial to load any sort of payload to the hardware from a USB device at startup, as yifanlu demonstrated with a video of a Crash Bandicoot prototype running on the PlayStation Classic last week.


 
GNU Binutils Integer Overflow and Heap Based Buffer Overflow Vulnerabilities
 
PHP CVE-2018-19935 Denial of Service Vulnerability
 
GNU Binutils CVE-2018-20002 Denial of Service Vulnerability
 
IBM Maximo Asset Management CVE-2018-1872 Cross Site Scripting Vulnerability
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Last week, the arrest of MENG Wanzhou made big waves in the news. Ms. Meng was arrested in Canada based on an arrest warrant issued for the United States Department of Justice. Ms. Meng, as CFO of Huawei and possible heir to her father, the CEO of Huawei, is assumed to have access to substantial wealth. This led to a wave of advance fee scams leveraging this news.

Advance fee scams have probably been most commonly associated with "Nigerian Prince" scams. The trick is to promise substantial wealth in exchange for a relatively small advance fee.

In this case, the message sent via WeChat suggested that a corrupt Canadian guard would let Ms. Meng escape for a few thousand dollars. The recipient of the message is asked to transfer the money to the guard's account, and promised a large amount of money once Ms. Meng is released:

Translation: "Hello, I am MENG Wanzhou. Currently, I have been detained by Canadian customs. I have limited use of my phone. Right now CIA is trying to get me into the hands of the US government. I bribed the guard of my room, and urgently need US$2000 to get out of here. Once I am out, I will reward you 200,000 shares of Huawei. I will be good on my word. If you are single, we can also discuss the important thing in life. The guard’s name is David, the account number is 52836153836252, swift 55789034. I will be good on my word"

Of course, it is questionable how successful a crude attempt like this will be. But sadly, experience tells us that there are still people falling for the old "Nigerian scam". By targeting Chinese individuals via WeChat, the scam may have a higher success rate than more widely distributed scams.

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute