A vulnerability that was present in older versions of BSD systems appears to affect consoles PlayStation 4 (PS4) and PlayStation 5 (PS5), more specifically up to versions 11.00 and 8.20 of the firmware used by the machines. This news is somewhat surprising, as Sony’s latest consoles are believed to be based on more modern versions of FreeBSD, which should not have the security flaw.

The vulnerability, which affects the last two generations of PlayStation consoles, was discovered in 2006 and at that time affected versions 4.11 to 6.1 of FreeBSD, 2.0 to 4.0 beta of NetBSD, and 3.8 to OpenBSD 3.9.

More specifically, the vulnerability is a buffer overflow in the driver sppp that “allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via Link Control Protocol (LCP) packets created with a dial length that exceeds the total length, which triggers an overflow in the point-to-point protocol over Ethernet (pppoe) and point-to-point protocol network driver synchronously with the integrated service digital network (ippp )”.

Wololo media informs about it Failed to reproduce denial of service on PlayStation 4 and PlayStation 5 firmware versions 11.02 and 8.40 in that order, meaning that Sony has patched the vulnerability or modified part of the relevant code so that it can no longer be exploited. This is a hint that opens the door to the possibility that someone tipped off the company.

Vulnerabilities that affect PS4 and PS5 can be easily checked thanks to this A proof of concept (PoE) is published on GitHub. which allows it to be misused. Requirements are to have Python 3 and Scapy installed; have the console connected to a local area network (LAN) with a cable; configure the console to manually connect to Ethernet using PPPoE; enter any username and password; update source, target and interface v script proof of concept; use the console internet connection test; and ends by running its own script.

After meeting the requirements and running script, the user will be able to check if their PS4 or PS5 is vulnerable. If the console freezes, it means it has vulnerable firmware, but if it does, it should be running firmware that includes a patch, which is not yet known whether it was introduced voluntarily or involuntarily. Obviously, checking for a security bug requires some programming and networking knowledge.

From the seventh generation onwards, video game consoles resembled neutered computers rather than traditional consoles that simply involved inserting a cartridge or disc and turning it on. That along with the fact that they are usually connected to the internet, that is Updating your software is very important to get the latest security patches. Yes, we find ourselves in the same situation here as on the PC, that at the end of the day, video game consoles are nothing more than ordinary computers, they are just artificially limited in terms of the options and freedom they offer users. .