George “Geohot” Hotz is a hacker most well known for jailbreaking the iPhone. Recently he, along with a group known as fail0verflow, successfully hacked the Sony Playstation 3.
According to both Hotz and many of the other hackers involved, the hack was primarily in response to the Playstation 3 having Linux (OtherOS) removed. And, although the PS3 had not been hacked for several years prior to that (making it the only console to not be hacked at the time), relative to the time they dropped linux, they were hacked in about the same time frame as the Xbox 360.
The history goes that George Hotz was given a PS3 slim by a friend in order to try to see if OtherOS was still capable of being run on the system since the older models (fat models) had this feature, but the newer ones did not.
George Hotz was successful with getting OtherOS to work properly on the slim model, but Sony got wind of his activity and soon after removed OtherOS support from the older units as well. When the firmware was applied not only did it result in some bricked PS3’s (which I believe Sony is still being sued for), but it made a good portion of the hard drive (which was reserved for OtherOS) unusable. On top of this many people had purchased the PS3 over an Xbox 360 because of this feature to use the PS3 as a PC (albeit in a limited capacity).
Currently Sony is being sued for fraud, this being their defense:
The real question is why Sony decided to remove OtherOS functionality at all. It’s true that the remove of OtherOS from the fat models was probably in response to Geohot’s hack, but why remove it from the Slim models? This is the official response from Sony:
This makes the most sense, but many will blame Geohot for the removal, when it is obvious from this statement that Sony simply didn’t want the additional upkeep. They most likely used Geohot’s hack as an excuse to remove OtherOS support from the fat models to lessen consumer backlash.
This is when hackers got truly interested in hacking the PS3 and it was soon after this that Geohot began releasing some information about a hardware hack, but, because people continued to blame him for the removal of OtherOS, he nearly gave up on hacking the PS3.
A few months later a hacking group from Australia used Geohot’s hardware method to find a vulnerability in the PS3, allowing it to run unsigned code (code not authorized by PS3) from a special USB dongle.
The device, dubbed the PSJailbreak, was sold to allow players to back up games to an external or internal hard drive and execute unsigned code.
While this device could be used for piracy, it did have legitimate uses for those interested in creating homebrew software.
The PSJailbreak team was issued a cease and desist from Sony, and Sony released a firmware update which pretty much prevented the device from working with newer games. This update also caused a number of third party controllers to stop functioning.
Although many saw this as a triumph for Sony, it was clear to those in the scene that it was only a matter of time now.
And that is what happened.
Fail0verflow made an announcement they had hacked the PS3 and at 27C3 demonstrated their hack. What was most surprising was they had actually cracked the cryptography key Sony used to sign games (the random number generation method called actually always returned 4 instead of generating a random number). This meant that the damage could not be staved off by a simple firmware revision and also meant that Sony had the weakest security of any of the consoles. Any change to the way Sony signs software would make all previous software incapable of running on that newer hardware (or updated firmware).
It was noted at the conference that Sony had received a pass from hackers for a long time because it had included OtherOS.
You can watch the conference here:
Keep in mind, although the code released by fail0verflow could be modified and used for piracy (and it was eventually), the original code was not capable of running back ups of games and was primarily used for installing a custom version of Linux and other custom software (homebrew).
Bushing, who is part of fail0verflow and someone I have had dialog with in the past, actually works on another hacking project for the Wii (HackMii/BootMii). In that project steps have actually been taken to prevent people from using their software for nefarious purposes (although they have proven mostly ineffective).
So having this information, should Geohot go to jail? Has he or fail0verflow broken DMCA laws? Keep in mind that recently a court decision found jailbreaking the iPhone legal. Does this situation differ all that much? Should I be restricted from using hardware that I paid for any way I want as long I am not pirating software? If someone does pirate software, should we be blaming the hackers who did not have any intentions of pirating?
While they may have facilitated piracy to some extent, how does this differ from a computer science teacher explaining software security to students and providing them with the knowledge to not only protect their own software but crack software of others?
What about the knowledge to modify a gun into an illegal firearm. Certainly the information to do this isn’t illegal, but the actual act of modifying the firearm is.