On November 13, a handful of terrorists from Belgium killed 130 Parisian citizens and tourists. Initially, it was suspected that the terrorists might have been communicating with each other using PlayStation 4 devices. Belgium’s Interior Minister, Jan Jambon, said in an interview, “It is very, very difficult for our services…to decrypt the communication from the PlayStation 4.” The U.S. media jumped all over the Sony PlayStation angle for a few days. Ultimately, the PlayStation was absolved in the Paris attacks. In fact, the terrorists were actually just using burner phones to communicate with each other.
But in the initial hours after the attack, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system. The SKFU pr0xy is a shareware proxy server that works just fine for simple traffic sniffing. I installed the proxy server on an old laptop and used the PS4 proxy server network setting to route all the traffic through it. Then I sent a couple of PlayStation network chat messages to a friend and looked at the resulting traffic.
I’m running the latest firmware on my PS4 console and basing my analysis on a single network capture sample. But, let us suppose that it is representative of all Sony PS4 consoles at this time.
I would characterize the PS4 encryption as not terrible for consumer security, but it’s probably not resistant to state intelligence agencies.
Let’s start with the good stuff. The Sony PS4 console encrypts its chat messages with Transport Layer Security (TLS), the suite of protocols formerly known as SSL. It uses a modern symmetric cipher (AES256-CBC) and 2048-bit asymmetric (RSA) keys, both of which are still thought to be unbreakable in the foreseeable future.
The downside is the PS4 uses at least three suboptimal encryption settings that would have a nation-state intelligence operator gleefully rubbing his hands.
The PS4 uses an old version of the TLS protocol (1.0) rather than the more secure version 1.2. TLS v1.0 is definitely on its way out. The payment card industry (PCI) guidelines will require its removal in 2016 for any sites that process credit card transactions. As old as TLS 1.0 is—16 years—it isn’t completely broken yet. At least, not the way that Sony is using it. But the other two settings are more worrying—or would be, for someone trying to hide from an intelligence agency.
The certificates used by the PS4 servers are older as well, and signed using SHA-1, a weak algorithm. All major certificate authorities have been (or should be) using one of the newer variants, such as SHA-256, for their certificates. It is thought that a nation state might have the resources to be able to force a hash collision with SHA-1. A hash collision would help them eavesdrop on suspected communications. Ironically, SHA-1 was the replacement for an even older hashing algorithm, MD5, which was demonstrated to be insecure in an experiment involving hundreds of networked Sony PlayStation 3 consoles. It would be ironic if hundreds of PS4s were used to break SHA-1, upon which the PS4 message security relies, wouldn’t it?
Handshake Protocol: Server Hello
    Handshake Type: Server Hello (2)
    Version: TLS 1.0 (0x301)
    Session ID Length: 32
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Lastly, the PS4 console does not negotiate the suite of ciphers known as “forward secrecy.” Forward secrecy is a double-encryption technique specifically designed to thwart surveillance by powerful adversaries such as nation-state intelligence agencies. The PlayStation servers, hosted in the cloud, appear to support forward secrecy, but the consoles themselves do not use it. If Interpol or another agency with broad surveillance powers were to record all PS4 chat sessions today, they could recover the text of the messages in the future (forward in time) if they ever brute-force Sony’s private key (or acquire it via court order or coercion).
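As an added example (not code from the original post or from Sony), the following Python parses a ServerHello like the one in the capture above and flags the two negotiated-parameter weaknesses discussed: a protocol version older than TLS 1.2 and a key exchange without forward secrecy. The sample record is constructed to match the captured fields, and the function names and the short suite table are assumptions made for illustration.

```python
import struct

# A few IANA cipher-suite ids; 0x002F is the one seen in the capture.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
# Ephemeral (EC)DHE key exchange is what gives a suite forward secrecy.
PFS_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_")

def sample_record(version=0x0301, suite=0x002F) -> bytes:
    """Constructed ServerHello record: zeroed random and 32-byte session id."""
    hello = struct.pack("!H", version) + bytes(32) + bytes([32]) + bytes(32)
    hello += struct.pack("!HB", suite, 0)  # cipher suite, null compression
    hs = bytes([2]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(hs)) + hs

def parse_server_hello(record: bytes) -> dict:
    """Extract version, session id length and suite from one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) != rec_len or rec_len < 4:
        raise ValueError("not a complete handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if body[0] != 2 or len(hello) != hs_len or hs_len < 35:
        raise ValueError("not a complete ServerHello")
    sid_len = hello[34]  # follows the 2-byte version and 32-byte random
    off = 35 + sid_len
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello")
    return {"version": int.from_bytes(hello[0:2], "big"),
            "session_id_len": sid_len,
            "suite": int.from_bytes(hello[off:off + 2], "big")}

def audit(info: dict) -> list:
    """Return findings for the negotiated version and key exchange."""
    findings = []
    if info["version"] < 0x0303:
        findings.append("protocol older than TLS 1.2")
    name = SUITES.get(info["suite"])
    if name is None:
        findings.append("unknown suite 0x%04x" % info["suite"])
    elif not name.startswith(PFS_PREFIXES):
        findings.append("no forward secrecy (static RSA key exchange)")
    return findings
```

Run against a real capture, the same checks apply to the raw bytes of the first handshake record the server sends.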
The PlayStation 4 communication system would achieve a C grade, according to SSL Labs. At this moment in time, I would not consider its encryption crackable by an individual attacker. But without forward secrecy, a nation state wouldn’t be deterred from retrieving the messages. In contrast, Apple has gone to much further lengths to prevent nation states and law enforcement entities from decrypting subscriber messages.
My PS4 updates its system software periodically. It would not be surprising if Sony pushed out a system patch within the next few months that improved the console’s encryption security. Perhaps one is already scheduled.
It was a juicy idea that terrorists might have been using the same consoles that our children use to yell at each other as they combat their own virtual terrorists in Sony’s Call of Duty Black Ops game. As it turns out, Belgium’s Interior Minister, Jan Jambon, wouldn’t have needed to hack Sony to get at the real terrorists’ messages: they were just texting on throw-away, pay-as-you-go phones. That’s the larger security hole, and one that isn’t likely to be solved in a technological way.