• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Is remote play for PS4 is a hacker's dream?

RhyDin

Member
We still see tons of people getting their PSN accounts compromised (from what I can only guess are successful phishing attempts) and their accounts banned - the funniest part of remote play is that it requires no authentication on the console side during the remote play authentication in it's current state, from my experience. You just enter your PSN credentials and it seems to find the console you're logged into that account with and syncs it up effortlessly. In some cases, you may need to manually link up - I'm unsure if this is due to being outside of the same local network/subnet, though.

Now bad guys can run your account up with bills, view your paypal e-mail, delete all your friends and gamesaves or format your console, post spam and much more - from your own IP address! Luckily, you can't gift people games from your account on Playstation, otherwise PSN would become even more of a target and a nightmare.

Come on, Sony, still no two-factor authentication? Nintendo might be light-years behind in terms of network infrastructure and connectivity, but even they know what they're doing in terms of protecting the end-user. Just look at Miitomo - the reason for only being able to add by people around you or social networking is to prevent spammers and bots.

If you aren't already using a password manager and using a unique password on your Playstation account, now would be a very good time to change that.
 

jiggles

Banned
If this is honestly the kind of thing that keeps you up at night you can just either not bother forwarding the remote play ports on your home router, or simply turn the feature off.
 

bones123

Member
I don't...

Do you think someone is gonna RDP into your computer and run Remote Play PC and buy shit on your PS4? The app needs you to have a DS4 plugged in anyway, so you're probably better off worrying about having a keylogger steal your password when you log in.
 

TalonJH

Member
If they already have your credentials, they can just log into your account on their on PS4 and do the same. It's not really any different.

If you give me your information I can log in and buy games, delete friends ect.

If you are worried, you can disable RP in settings>>remote play connection settings under unchecked enable remote play.

Two factor authentication needs to happen though.
 

Orayn

Member
OP may be a little dramatic, but there really is not excuse for Sony not to support two factor authentication.
 

Fat4all

Banned
giphy__2_.gif
 

Cade

Member
I don't...

Do you think someone is gonna RDP into your computer and run Remote Play PC and buy shit on your PS4? The app needs you to have a DS4 plugged in anyway, so you're probably better off worrying about having a keylogger steal your password when you log in.
It actually doesn't need a DS4. All the menus are operable with keyboard.
 

Mechazawa

Member
Sony's lack of 2 step is absolutely Garbage Town, I feel you on that front, but the PS4 has a functionality that blocks remote play from rest mode. So unless you're often leaving your PS4 on while stepping away for prolonged stretches of time for whatever reason, even someone having your credentials shouldn't be an issue.

And like others have said, it's easier to fuck with you on that front by just logging into the PC Store.
 
Having a unique code you have to input to have a device's RP setup connect to the PS4 isn't authentication? I guess I need to burn everything I own and make a break for the north pole where nobody can get me!
 
It's already been said a couple times here but if they have your credentials, its game over. Adding remote play to PC doesn't make it any worse than it already is.

Maybe the new SIE will implement 2-factor authentication someday.
 

Rellik

Member
OP may be a little dramatic, but the fact we STILL don't have 2 factor authentication is absolutely ridiculous.

We'll probably get it at the same time as PSN name changes.

Never
 

RhyDin

Member
Having a unique code you have to input to have a device's RP setup connect to the PS4 isn't authentication? I guess I need to burn everything I own and make a break for the north pole where nobody can get me!
I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.
 

Fisty

Member
I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.

This isnt even possible
 
Be careful if you play with mods on your PC too, they might snatch your PSN account password.

Having no 2 factor authentication is shitty though, I agree with that.
 

TalonJH

Member
I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.

You actually can't do that. You get this page:
MtVVKqH.jpg
 

Illucio

Banned
This pretty much kills Vita for me for good, glad I sold it.

I can now game on my PC with my PS4 controller, which is +1 in laziness for me. I do prefer to go on my big screen and couch to play though. But it's nice knowing I have the option if I'm at a friends house or something.
 

5taquitos

Member
That's a hefty dose of paranoia there, OP. If someone had my PSN login information, remote play access would be the least of my concerns.
 

shmoglish

Member
I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.
There are a few Features you can't User while remote play. You have no access to the network related stuff, Netflix and other streaming services normaly dont work and I am sure formating the system is not possible.
 

Imbarkus

As Sartre noted in his contemplation on Hell in No Exit, the true horror is other members.
If someone already has access to your PSN credentials, they don't need remote play to fuck with you. You thread is bonzo beans.

But people get their credentials "hacked!"

12345.jpg
 

jooey

The Motorcycle That Wouldn't Slow Down
Alert the media! HACKERS can remotely intercept your PlayStation and STEAL YOUR CREDIT CARD! Full details in today's Daily Mail
 

RhyDin

Member
Sony's lack of 2 step is absolutely Garbage Town, I feel you on that front, but the PS4 has a functionality that blocks remote play from rest mode. So unless you're often leaving your PS4 on while stepping away for prolonged stretches of time for whatever reason, even someone having your credentials shouldn't be an issue.

And like others have said, it's easier to fuck with you on that front by just logging into the PC Store.

That's weird, the app allowed me to wake up my PS4 while it was in rest mode when I connected, but maybe that's because it's on the same network as me. Also, there's some things people can't do on the site that you can do on a console, like purging your entire friend's list. It may seem unlikely, but to those who think this is laughable, you've clearly never been owned on the internet before.

I didn't know formatting the drive feature was disabled - I assume it was enabled because I did test the ability to delete your saved cloud data and locally stored data. Formatting would be the same thing, anyway, because saves are all you'd really be losing when doing a system recovery.

A hackers dream as in only in a dream would a hacker experience remote play as a way to compromise your Playstation

I don't see what the big laugh is. Without an extra layer of authentication (again, I never was presented with an on-screen handshake key to enter into the remote play app. I thought people in the remote play said that you're able to remote play over WAN).

From all the threads on GAF and elsewhere of unauthorized purchases on compromised PSN accounts, I haven't saw one that said their credentials were changed. I can only surmise this is because the thief planned on selling or using the account second-hand (although, a specific PSN account can only be signed in from one location at a time).

No, this isn't really different from any other RDP feature, aside from the fact that the feature is enabled by default and many people probably won't even be aware of it. That in itself is a kind of vulnerability, because we know that people won't proactively go in and disable it - just like people use insecure passwords and get brute forced, phished, or however else these accounts have been compromised.

tl;dr - Aside from getting your account banned when disputing fraud charges, your saves can now be deleted.
 

Melchiah

Member
I don't think it works that way OP.

Come on, Sony, still no two-factor authentication? Nintendo might be light-years behind in terms of network infrastructure and connectivity, but even they know what they're doing in terms of protecting the end-user. Just look at Miitomo - the reason for only being able to add by people around you or social networking is to prevent spammers and bots.

So, does Nintendo have two-factor identification?

In all my years I've only ran into one spammer/troll, who sent me several requests to join in Minecraft, eventhough I clearly said I don't have the game, nor could I be less interested in it. Deleting him/her from my PSN friends fixed that problem.

You can also set who can send you friend requests or private messages. It sounds like OP doesn't have much experience of using thecsystem.
 

RhyDin

Member
So, does Nintendo have two-factor identification?
Miitomo supports login/registration by Facebook and Twitter, which both have it, so sort of. Nintendo Accounts on Nintendo.com also support logging in via Facebook, Google+ or Twitter and those accounts are the ecosystem where you purchase digital downloads via the web. So yes, it seems like they're starting to and are ahead of Sony on this.
 

Melchiah

Member
Miitomo supports login/registration by Facebook and Twitter, which both have it, so sort of. Nintendo Accounts on Nintendo.com also support logging in via Facebook, Google+ or Twitter and those accounts are the ecosystem where you purchase digital downloads via the web. So yes, it seems like they're starting to and are ahead of Sony on this.

Both have it, but neither enforces it. I imagine you can login without using FB/Twitter as well.
 
Top Bottom