Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Paris Attacks: What kind of Encryption Does the PlayStation 4 Use, Anyway?

On November 13, a handful of terrorists from Belgium killed 130 Parisian citizens and tourists. Initially, it was suspected that the terrorists might have been communicating with each other using PlayStation 4 devices. Belgium’s Interior Minister, Jan Jambon, said in an interview, “It is very, very difficult for our services…to decrypt the communication from the PlayStation 4.” The U.S.

On November 13, a handful of terrorists from Belgium killed 130 Parisian citizens and tourists. Initially, it was suspected that the terrorists might have been communicating with each other using PlayStation 4 devices. Belgium’s Interior Minister, Jan Jambon, said in an interview, “It is very, very difficult for our services…to decrypt the communication from the PlayStation 4.” The U.S. media jumped all over the Sony PlayStation angle for a few days. Ultimately, the PlayStation was absolved in the Paris attacks. In fact, the terrorists were actually just using burner phones to communicate with each other.

But in the initial hours after the attack, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system. The SKFU pr0xy is a shareware proxy server that works just fine for simple traffic sniffing. I installed the proxy server on an old laptop and used the PS4 proxy server network setting to route all the traffic through it. Then I sent a couple of PlayStation network chat messages to a friend and looked at the resulting traffic.

Playstation Encryption

I’m running the latest firmware on my PS4 console and basing my analysis from a single network capture sample. But, let us suppose that it is representative of all Sony PS4 consoles at this time.

I would characterize the PS4 encryption as not terrible for consumer security, but it’s probably not resistant to state intelligence agencies.

Let’s start with the good stuff. The Sony PS4 console encrypts its chat messages with Transport Layer Security (TLS), the suite of protocols formerly known as SSL. It uses a modern symmetric cipher (AES256-CBC) and 2048-bit asymmetric (RSA) keys, both of which are still thought to be unbreakable in the foreseeable future.

The downside is the PS4 uses at least three suboptimal encryption settings that would have a nation-state intelligence operator gleefully rubbing his hands.

The PS4 uses an old version of the TLS protocol (1.0) rather than the more secure version 1.2. TLS v1.0 is definitely on its way out. The payment card industry (PCI) guidelines will require its removal in 2016 for any sites that process credit card transactions. As old as TLS 1.0 is—16 years—it isn’t completely broken yet. At least, not the way that Sony is using it. But the other two settings are more worrying—or would be, for someone trying to hide from an intelligence agency.

The certificates used by the PS4 servers are older as well, and signed using SHA-1, a weak algorithm. All major certificate authorities have been (or should be) using one of the newer variants, such as SHA-256, for their certificates. It is thought that a nation state might have the resources to be able to force a hash collision with SHA-1. A hash collision would help them eavesdrop on suspected communications. Ironically, SHA-1 was the replacement for an even older hashing algorithm, MD5, which was demonstrated to be insecure in an experiment involving hundreds of networked Sony PlayStation 3 consoles. It would be ironic if hundreds of PS4s were used to break SHA-1, upon which the PS4 message security relies, wouldn’t it?

Advertisement. Scroll to continue reading.

Handshake Protocol: Server Hello

Handshake Type: Server Hello (2)

Version: TLS 1.0 (0x301)

>Random

Session ID Length 32:

Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

Lastly, the PS4 console does not negotiate the suite of ciphers known as “forward secrecy.” Forward secrecy is a double-encryption technique specifically designed to thwart surveillance by powerful adversaries such as nation-state intelligence agencies. The PlayStation servers, hosted in the cloud, appear to support forward secrecy, but the consoles themselves do not use it. If Interpol or another agency with broad surveillance powers were to record all PS4 chat sessions today, they could recover the text of the messages in the future (forward in time) if they ever brute-force Sony’s private key (or acquire it via court order or coercion).

The PlayStation 4 communication system would achieve a C grade, according to SSL Labs. At this moment in time, I would not consider its encryption crackable by an individual attacker. But without forward secrecy, a nation state wouldn’t be deterred from retrieving the messages. In contrast, Apple has gone to much further lengths to prevent nation states and law enforcement entities from decrypting subscriber messages.

My PS4 updates its system software periodically. It would not be surprising if Sony pushed out a system patch within the next few months that improved the console’s encryption security. Perhaps one is already scheduled.

It was a juicy idea that terrorists might have been using the same consoles that our children use to yell at each other as they combat their own virtual terrorists in Sony’s Call of Duty Black Ops game. As it turns out, Belgium’s Interior Minister, Jan Jambon, wouldn’t have needed to hack Sony to get at the real terrorists’ messages: they were just texting on throw-away, pay-as-you-go phones. That’s the larger security hole, and one that isn’t likely to be solved in a technological way.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybercrime

Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...