Prologue
Due our objective research of the SONY PlayStation Network, we decrypted nearly 100% of the traf?c transferred over
proxies, http and https to and from the PSN. Just out of curiosity, not to harm anyone or anything and not like SONY may
want people to see it.
As SONY calls the scene hackers "evil", we surely do not address pirates and skiddies, we wondered how SONY is treating
the users' privacy and rights (remember the Music CD/DVD and USB stick rootkits). After we noticed a few badass functions
they have built into the PSN/PS3 functionality, we just call it the "Call of Privacy: Modern Spyware" case.
Below we list and explain a few of the shady PSN functions and data mining stuff. And remember: EVERYONE has a right to
know about YOUR OWN PRIVATE data being transferred over the networks !
Sensitive data
Even if a connection is SSL encrypted, companies are aware of the big risk behind custom CA files and it's possibilities.
SONY seems not to care about those known vulnerabilities. It is a big company and a HUGE network. With huge we mean a
magnitude of hundreds and even thousands: the PSN utilizes thousands of servers, handled by a very small group of
administrators and quality assurance people. The IP ranges and domains of these servers are retrievable by anyone, cause
this is how the Internet works ! It is all public data and information !
An example is the credit card information and the login authentification itself. Take a look at the traffic:
creditCard.paymentMethodId=CC_COMPANY&
creditCard.holderName=EXAMPLENAME&
creditCard.cardNumber=1234567890123456&
creditCard.expireYear=2012&creditCard.expireMonth=2&
creditCard.securityCode=123&
creditCard.address.address1=EXAMPLESTREET%2024%20&creditCard.address.city=EXAMPLECITY%20&
creditCard.address.province=EXAMPLEREGION%20&
creditCard.address.postalCode=12345%20
The credit card information should ALWAYS be encrypted. In ANY case. At least the security code. SONY is only relying on
it's https connection. With all those CFWs spreading around, this is not secure anymore.
Same goes for the user details:
serviceid=IV0001-NPXS01001_00&
loginid=example@mail.com&
password=examplepassword&
first=true&
consoleid=EXAMPLEID123
Such sensitive data can now be captured by anyone who builds his own custom firmware with custom certificates. There
are enough n00b-friendly tools by now. Means, little scriptkiddies can spread their little CFWs and phish user data.
h, it goes through https? never mind then.
