During the GeekPwn conference in Shanghai, hackers demonstrated a new exploit for the PlayStation 4 running firmware 4.01. The exploit is delivered through the WebKit browser and drops to a command line prompt, after which Linux is booted. NES emulation hilarity courtesy of Super Mario Bros duly follows.
If the hack is indeed genuine (which is very likely, since it was displayed at GeekPwn), it will be the first lapse we’ve seen in the PlayStation 4’s system software security since the breaches in the older 1.76 firmware, which renowned hackers fail0verflow utilized in the initial PS4 Linux demo showcased back in January.
The hack also seems noteworthy since firmware 4.01, or a previous version, will probably run on the upcoming PlayStation 4 Pro, and the close compatibility and similar OS used by the new hardware also make it susceptible to the same exploits. The disturbing thing about these WebKit exploits that sporadically emerge for the PS4 is that they grant full kernel access to the hardware, which is necessary in order to run Linux.
A PlayStation 4 port of Linux has been available to the public for ten months, but its usefulness for console owners has been restricted by Sony’s policy of closing exploits as soon as they are discovered, while older consoles still running susceptible firmware are almost non-existent. This does seem like a good thing, since piracy would inescapably follow eventually, although running a full desktop OS on the console could be rather fascinating.
“Linux on the PS4 actually makes a lot of sense, more than it ever did on any previous game console,” fail0verflow stated back in January after their demo. “It’s close enough to a PC that getting 3D acceleration working, while rather painful (as we’ve learned), seems entirely possible without undue amounts of effort (in a timeframe of months, not years), to the level needed for real indie games and even AAA titles, not just homebrew. And many thousands of indie and AAA games already run on Linux. Yes, SteamOS on the PS4 should ‘just work’ once the driver issues are sorted out.”
If you were expecting a release of the 4.01 exploit, though, I hate to burst your bubble. The group responsible for the video, Chaitin.cn, seems to be a legitimate Beijing-based company that specializes in internet security, which could explain the sudden release of firmware 4.05 for PlayStation 4 following the group’s demo at GeekPwn earlier this week.
You can view the video below. (Warning: no English subtitles.)