News that the PlayStation 3’s security has been utterly crushed by a handful of dedicated hackers has dominated headlines in the gaming media this week. A collective known as fail0verflow has uncovered the PlayStation 3’s root key and in one swift stroke Sony's console has gone from being perhaps the most secure gaming platform of this generation to one of the easiest for pirates to exploit.

The gravity of the breach cannot be overstated: In the past, hacking consoles to run pirated games has been a convoluted process that requires a physical mod-chip and prohibitive technical expertise. What these hackers have uncovered potentially means that anyone could insert a pirated Blu-ray Disc bought for ten dollars at the local flea market and play it. By making the root key public, fail0verflow has allowed anyone to create their own firmware or certify any software, and the PlayStation 3 will happily run it as if it had been signed by Sony.

For those technically-minded and curious as to how fail0verflow uncovered the root key, the answer is fairly simple. A random number should be input into any equation used to create a cryptographically secure signature. In what can only be called a baffling security oversight, Sony used the same number every time. Doing so allowed the team at fail0verflow to reverse-engineer the equation to uncover the root key.

Sony cannot simply change the root key. If they were to do so, all the games that have been released for the PlayStation 3 to date would no longer work. Even if it were possible to patch the entire back catalogue of games, the cost would likely be astronomical. Some have suggested that Sony might be able to identify hacked consoles as they come online. Possibly, but as a great many consoles never connect to the Internet, it’s less than a half measure all the same.

The rest of us need only know this: There is no easy fix and both Sony and its partners in the videogame industry are facing the prospect of millions in lost revenue.

The videogame industry should well be upset with Sony over this news. After all, if piracy does take off on the platform it’ll be the game publishers who feel the revenue pinch first and hardest. For every game released on the PlayStation 3, that game’s publisher pays a licensing fee to Sony that includes protection measures against piracy. If those measures have been swept away, their past investments are also moot.

Speaking with GamesIndustry.biz, Massive Entertainment founder Martin Wolfisz said, “If that hack works as reported, I don't believe that Sony can regain any control.”

He continued, “The way the [PlayStation 3] seems to have been hacked, it is now completely open. The hackers can create pirated copies that completely mimic the official Sony digital signature, making it extremely easy to use pirated copies of games, without the need for any hardware chip modifications.”

Why these hackers turned their attention to the PlayStation 3 in the first place and the hypothetical ramifications of their actions have quickly turned into an ideological debate both within the gaming industry and amongst gamers themselves. One camp argues for digital rights and the need for businesses to protect their revenue models, and the other argues for the rights of consumers to use any product they’ve purchased any way they see fit.

The demonstrably talented individuals who have breached the PlayStation 3’s security have stated that they have no interest in piracy and their track record supports their claim. Their focus appears to be far more academic. When the PlayStation 3 launched it shipped with both the PlayStation 3 operating system and “OtherOS”, a feature that allowed users to install and run other operating systems such as Linux – albeit in a limited fashion. Last year, Sony removed OtherOS after a hacker named GeoHot suggested publicly that it would be the best avenue for breaking PlayStation 3’s security measures.

Continued on next page...