Custom Firmware Could Nab Your Credit Card Data

The internet exploded today with news of yet another apparent security catastrophe looming on Sony’s horizon. With reports suggesting that credit card details sent to Sony for PSN purchases were not secure in transit, tremors of concern and further facepalms reverberated around the technology press.


Thankfully, the initial reports seem to have been completely misconstrued (or lost in the noise of what looked like a hot story), with clarifications since coming to light regarding just what the hackers meant when they announced: “We are in your PSN, stealing your numbers.”

All money transactions sent to Sony across official firmware are secure. What the hackers were highlighting, however, is the possibility of dishonest customising code-monkeys creating a Custom Firmware, releasing it into the wild, only for the cracked platform to have a nefarious element lurking in the code, ready to strike as soon as hapless home-brewers/pirates/whatever install it on their PS3s.

This version could spoof certificates, engage custom DNS servers, and basically swindle its way into your credit card information. It could then easily send this data to the chuckling tea-leaf back at the mod mothership. You then check your credit card statement at the end of the month, and those fifteen plasma-screens you bought and those wild foam parties you apparently had come as something of a surprise.

As you’re entrusting your PS3 into the hands of someone who’s obviously engaging in the authoring of software that is designed to circumvent security measures, it’s hardly surprising this sort of thing is possible. Is it a tangible threat to those who wish to go down the route of custom firmware? It’s hard to say, but it is important to consider that anything is possible. After all, who’d have believed GeoHotz would release an anti-Sony rap song? And, stranger still, who’d have thought it would actually be quite good?

As always, TheSixthAxis thumbs its nose at circumventing Sony’s security. Piracy is bad. Don’t do it. Okay?

Source: Ars Technica



  1. You know what would be brilliant?
    If this was a Sony rumour…

    • lol i know what you mean all rumours involving sony are true.

  2. lol first time I have seen/heard that video. Made me laugh

    • Wait until next week. Something much, much better will be arriving…

  3. Thought about this a while ago, it happening I mean not actually doing it myself. Of course Sony could pretty much wash their hands of anyone that got caught out I guess, but in the end something nasty is bound to happen to all genuine account holders, something is afoot in the wind, I can feel it in my waters.

    • You want to see a doctor about that.

  4. Anyone willing to install custom firmware for piracy or online cheating deserves to have their security at risk. Oh, and rap is never good.

    • For online cheating, yes.
      For piracy, depending on the game, yeh. A P.O.S game like Black Ops deserves to get pirated on PS3 but games like LBP2, KZ3, GT5 etc don’t.

      • With Lee on this one. No game deserves to get pirated. That’s quite a special level of bitterness right there.

    • No game deserves to be pirated. Period.

      Just because a game is bad in someone’s opinion or is regarded as a “poor port,” all piracy harms the industry as a whole. You don’t get to pick and choose when common sense is and isn’t warranted.

      • Although i agree with you Kovacs, you have to wonder if the recent tactics by developers and sony attempting imo to rip us off with EAtax etc has caused bitterness and ultimately ruined itself, if that makes sense.

        basically i vent my frustration at the forums etc but people who know how to hack may have decided to hack the ps3 whereas they otherwise might have felt a loyalty and not bothered

  5. Bit of a change from the original Ars story of never use credit/debit cards on the PSN.

  6. Finally a bit of resolution to a complete shitstorm of a story. The truth is that custom firmware could, in theory, do anything, but anyone installing it knows that anyway, they just won’t (potentially) know everything that’s involved in the code.

    Of course Sony encrypt your data, and shame on Ars for the initial run at the story, but the fact remains that should you decide to install your own code, you’re (again, potentially) risking your data.

    Same as with the PSP, mind, except nobody really bothered to run anything about that.

  7. Now this would be brilliant, not only will forums start seeing threads along the lines of
    “oh noez, my PS3 is banned for no reason, it sez i haxed but I haven’t, it was my dog” they’ll also add a final sentence saying that Sony fraudulently stole their credit/debit card details.

  8. Jesus Christ that guy fucking annoys me. Ok you are some super duper hacker guy, good for you.
    Regardless of your stance on cfw/hacking/home brew yadda yadda- this whole thing is getting in the way of what the console is all about: gaming.
    Sony releasing fw to patch the exploits made by these guys, just leads to one thing- hassle for everyone. I can’t be arsed with it.
    I don’t care if you’re interested in gutting your machine and playing games from 20 years ago, I don’t care if you want to make back ups of your games or copy games, I do care when it affects me, and releasing a fucking YouTube rap vid about how you are the last bastion of free speech is going the right way about me tracking you down and having a big fat dump on your pillow.

    Sick of it.

    • it annoys me how people are crediting this guy, for a video in connection of how he screwed genuine gamers over & ruined developers hard work.
      will also make this twit think he’s admired for his behaviour. (unacceptable behaviour)

      • (sorry for db post)
        due to him & the selfish people who have used his idea, i have been waiting wks & wks for a mw2 security patch, before its safe (possibly safe) to play again. (mw an example, sure other titles/gamers are suffering also)
        maybe he should’ve been a rapper instead of a selfish, inconsiderate individual.

      • I do not admire GeoHotz. I do think that video is pretty awesome/beyond silly.

      • sorry i probably worded it wrong, rap was actually well put together.
        its more the replies on youtube that displeased me, as he will have viewed those, but those comments will most definitely come from users or admirers of his j.break.

        again apologies, his hacking actions get under my skin is all.

  9. Great video, lol
    I wonder if we might see new ToS which stipulate that Sony can’t take responsibility for any losses due to credit card fraud..

    • “Sony accepts no responsibility for the subsequent production and/or release of crazy rap videos as the result, directly or indirectly, of the release of this update. Fozizzle yo.”

  10. I really don’t understand these custom firmware installing Muppets!.. Well I understand they want to pirate games and then claim all they want is to run emulators, backup their games and run their own code.. if you must emulate use a PC, emulators have been around on them forever. If you look after your disks you wouldn’t need to back them up. if you want to run your own code learn C++ Java Python and so on.

    We’ll be hearing about all the people with CFW who accidentally go on line and mysteriously had their console blocked by Sony for no reason.. I say Sony bring the ban hammer and make it a big one. As gordon_strange rightly said our consoles are for gaming, hacking and altering them is ruining online play for a lot of people though it is nice to see some developers now running their own versions of punk buster style software and banning from server side.

    People running CFW deserve to be banned from PSN, end of.

    • And to have their credit card details stolen too!
