A new Trojan horse claims to help make PlayStation Portable run homegrown software, but instead the malicious code turns Sony's game player into a useless "brick."
The malicious program, which Symantec has labeled "Trojan.PSPBrick," is aimed at a crowd of "modders," or people who seek to hack the portable device so that it can run custom code and official game cartridges.
The new Trojan claims to be software that can roll back a Sony upgrade that has made the device harder to hack. When people install it, the malicious software actually deletes key files and renders the PSP inoperable.
Australian judge says installing mod chips is legal.
"Basically the (PSP) is completely inoperable, and you've lost your device," said Eric Chien, the principal software engineer at Symantec Security Response. "It's called 'bricking.'"
However, Chien said the program is not likely to affect a wide audience, because most PSP owners aren't looking to alter their machines.
"The types of people who would be affected wouldn't be everyone who has gotten the PSP," he said. "It would be affecting the people who are trying to 'mod,' or update, their devices."
Still, while the numbers of people likely to be hit are low, the cost is high, Chien said.
"There's definitely people who have run it and are something on the order of $300 poorer now," he said. It's also an indication, Chien said, that virus writers are looking beyond the PC.
"People are writing malicious code for all kinds of devices," he said.
A Sony representative was not immediately available for comment. The company has said that running homebrew code will void the PSP's warranty.
PSP owners who have downgraded their PSPs using a 'legitimate' downgrader have nothing to worry about, but too many people who don't know what they are doing are now trying to alter their PSP's firmware and malicious coders are trying to take advantage of what used to be a very small group of PSP owners (made larger by the fact that nearly every PSP in existance now has the capacity to be downgraded).
My suggestion: For reputable PSP news, information, downloads, and guides, please go to <a class="jive-link-external" href="http://psp-news.dcemu.co.uk" target="_newWindow">http://psp-news.dcemu.co.uk</a>. These guys know everything about homegrown PSP software, so there should be no worries about harmful software coming from that site. This is not a plug, it's a suggestion.
Given the PSP's built in wireless and ad-hoc communications the chances that this trojan could become a full fledged wireless virus is not beyond the scope of reason.
Imagine if this code were to advertise itself as a peer-to-peer game to all PSPs within range and when you accept the "challenge" it installs on your PSP. After copying itself a set number of times it then executes it's payload and bricks the device.
Sony needs to get on this quickly and set up a BIOS fix that requires a user definable password to be entered before performing any sort of modifications to core operating files.
Here's the good news: PSPs are not multitasking devices. Playing a PSP game, watching a movie, or doing pretty much anything precludes you from running any code other than what's used for what you're currently doing. There really is no concievable way yet to get around this, especially wirelessly, unless someone were to find a buffer-overflow-ish type bug in the 'game-sharing' feature that would crash the PSP to allow malicious code to be run.
This could concievably be a problem if a number of people start running more custom apps that allow connections to be made, because these go around existing firmware/applications/games (For example, PSPRadio is a custom app that creates its own connection) and I think that a malicious hacker's best hope is to exploit a well-known and commonly-used homebrew, such as Lua. Still, most people are not connected to the internet with their PSPs most of the time (unless they life in San Francisco) and the Wi-Fi radio is almost always turned off unless it is in use.
I think the liklihood of an actual PSP 'virus' is about half as much as a PalmOS virus, and PalmOS really itself is not vulnerable either. (Windows CE/Mobile/etc. perhaps, but that's different.)
In everyday use, I keep the wireless device on my PSP switched off. I see no reason to keep it engaged if I'm not updating the firmware or playing a game with another player (something I have yet to do since I bought the system on launch+1).
is this damage irreversible? the article says key files are deleted. it's not possible that someone could rewrite those files to the firmware and restore the psp?
if sony refused to do that ("you violated the warranty"), i should expect that someone else could start a repair shop to do so for some reasonable price. i would be surprised if even our anti-fair use copyright law would allow sony to refuse to repair perfectly reparable hardware, and at the same time to block a third party for reinstalling software files onto a licensed device (remember, the psp owner does have a license for the files that are now deleted).
How many of you have fixed a problem for a friend. Have you ever wondered how stupid people are? I've seen people with 3 degree's download virus after virus looking for mp3's, porn and movies. I've also seen them install virus after virus masquarading as tool bars, IM icons, backgrounds, etc. Any one of these could also carry that paylode for you PSP. I don't own one, but I assume there is some method of attaching it to a PC to upload music or videos from legit sources. But even if they have to be written to a memory stick and installed that way, hiding a payload in what proports to be a demo, film clip or other seemingly legit thing a user might want on their PSP isn't going to be that difficult once a hacker decides it's "needed". I see A LOT of potential for this device to enter the business environment soon. Heck, with the web browser, I could recommend it for web mail users on the road. Give the movie playback features, many travelers would be interested in using it instead of some stupid cell phone video player. Heck, how about a voip client for it? Does it have a microphone along with it's speaker? With the level of processor in the box, and the quality of display, it's 3 times more likely to make it into my pocket than a pocket PC or Palm device. I've got several of them in my drawer right now.
Apple, Google, Microsoft, Amazon--all are targets for Mozilla's plan to use Web apps to free people from ecosystem lock-in. Also: new Firefox features aplenty.
The rise of Apple's stores is one of the past decade's great retail stories. So, why then does the company continue to creep back into the big-box outlets and will this hurt the brand?
The company helps small businesses with little tech savvy build apps easily, and now its partner Constant Contact will email-blast prospective users, too.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
*brick*
PSP Owner: "Hey, Sony, my PSP won't work..."
Sony: "Listen, we know you're all a bunch of software pirates... you had it coming."
PSP Owner: "I'm buying an Xbox 360 (or a GP32)."
Oscar Rat
My suggestion: For reputable PSP news, information, downloads, and guides, please go to <a class="jive-link-external" href="http://psp-news.dcemu.co.uk" target="_newWindow">http://psp-news.dcemu.co.uk</a>. These guys know everything about homegrown PSP software, so there should be no worries about harmful software coming from that site. This is not a plug, it's a suggestion.
Imagine if this code were to advertise itself as a peer-to-peer game to all PSPs within range and when you accept the "challenge" it installs on your PSP. After copying itself a set number of times it then executes it's payload and bricks the device.
Sony needs to get on this quickly and set up a BIOS fix that requires a user definable password to be entered before performing any sort of modifications to core operating files.
This could concievably be a problem if a number of people start running more custom apps that allow connections to be made, because these go around existing firmware/applications/games (For example, PSPRadio is a custom app that creates its own connection) and I think that a malicious hacker's best hope is to exploit a well-known and commonly-used homebrew, such as Lua. Still, most people are not connected to the internet with their PSPs most of the time (unless they life in San Francisco) and the Wi-Fi radio is almost always turned off unless it is in use.
I think the liklihood of an actual PSP 'virus' is about half as much as a PalmOS virus, and PalmOS really itself is not vulnerable either. (Windows CE/Mobile/etc. perhaps, but that's different.)
if sony refused to do that ("you violated the warranty"), i should expect that someone else could start a repair shop to do so for some reasonable price. i would be surprised if even our anti-fair use copyright law would allow sony to refuse to repair perfectly reparable hardware, and at the same time to block a third party for reinstalling software files onto a licensed device (remember, the psp owner does have a license for the files that are now deleted).
mark d.
I see A LOT of potential for this device to enter the business environment soon. Heck, with the web browser, I could recommend it for web mail users on the road. Give the movie playback features, many travelers would be interested in using it instead of some stupid cell phone video player. Heck, how about a voip client for it? Does it have a microphone along with it's speaker?
With the level of processor in the box, and the quality of display, it's 3 times more likely to make it into my pocket than a pocket PC or Palm device. I've got several of them in my drawer right now.