Home » PS4/PS5: TheFloW confirms he has an enormous vulnerability on PlayStation, with important HackerOne bounty

PS4/PS5: TheFloW confirms he has an enormous vulnerability on PlayStation, with important HackerOne bounty

by Ethan Marley
0 comment

PlayStation hacker TheFloW has taken to LinkedIn to verify he has been awarded one more $10K by PlayStation’s bounty program on HackerOne. This signifies the researcher has certainly submitted a important vulnerability to Sony. If and when it is going to be disclosed stays to be seen.

PS5 Kernel exploit incoming ?

The PS4 and PS5 have been “caught” with Jailbreaks being solely out there on pretty outdated firmwares for fairly a while now. Although this appears to be the rule now on PlayStation units (and, as such, the recommendation to purchase a console early and preserve it on a low firmware from Day 1 stays probably the most legitimate piece of recommendation one can provide within the PlayStation scene), this has understandably left plenty of customers pissed off.

However, again in September, TheFloW ignited the scene with a easy “don’t replace” assertion. The hacker was (no so) subtly indicating he had one thing massive in retailer.

There wasn’t a lot doubt that this was a Kernel exploit for both the PS5 or PS4 (or each), however his message this week on LinkedIn is one other affirmation. The e mail he obtained from PlayStation’s safety workforce reads:

Thank you very a lot for the report!

We have reproduced your findings, we now have determined to fee the severity of this report as excessive and award you a $10’000 bounty

Again, there is no such thing as a indication of a disclosure for no matter chain of exploits that is, however prior to now, TheFloW has been fairly constant at getting his exploits publicly disclosed, with approval from Sony.

It is nevertheless fascinating to see that the hacker has determined to make the announce on LinkedIn moderately than on Twitter, presumably to keep away from the military of “ETAWEN” replies…

Is HackerOne a blessing or a curse for the PS4/PS5 scene?

People have taken to Twitter to say that HackerOne is damaging the scene, particularly since we’re on the mercy of Sony’s safety workforce to resolve whether or not an exploit will likely be disclosed or not. I personally assume this example advantages each the scene {and professional} hackers. As a lot as some folks wish to imagine it, there is no such thing as a manner the scene might collectively collect sufficient cash to persistently pay a $10’000 bounty for a Jailbreak. In my nearly 20 years of expertise within the scene now, I’ve seen numerous makes an attempt at gathering cash to fund the efforts of safety researchers: gathering greater than $1000 for a really promising lead is the exception, not the norm. $10’000 can be an enormous enterprise, not even mentioning the legality features of it.

It is true that the PlayStation hacking scene is far much less energetic than within the PSP/PS3 days, however for my part that is largely the results of:

  1. safety of the brand new units being considerably improved that means a a lot increased entry barrier for folks taken with tinkering
  2. increasingly more units (e.g. telephones) companies (e.g. Epic, GOG, …), and the rise of the free-to-play gaming mannequin permit folks to play plenty of video games for virtually nothing these days, that means (IMO) a number of the enchantment of taking part in emulators or pirated video games (I do know, surprising) on consoles is fading away quick
  3. the PS4 and PS5 are similar to common laptop {hardware} and structure. Some hackers comparable to FailOverfl0w have indicated that this impacted their motivation to work on the consoles.

In my opinion, HackerOne is a blessing in disguise as a result of I imagine it retains some hackers comparable to TheFloW , if solely as a result of it provides some “skilled avenue cred” varnish to the hacking effort, for people who find themselves already professionals within the subject.

What’s subsequent for the PS5/PS4 Jailbreak standing?

At the purpose the one factor we are able to do is keep put. The hacker warned in September to not replace your PS5. If your PS5 is on Firmware above 8.xx at this level (and until you simply bought it for Christmas this 12 months), you’ll solely have your self guilty if you happen to missed out on no matter comes subsequent. As far as PS4 is anxious, I stay satisfied at this level that the simplest methodology is simply to purchase a second hand 9.00.

You may also like

Leave a Comment