How Custom Firmware Can Put Your PS3 At Risk

What you're about to read is far from a wide-ranging concern. But it does highlight one legitimate reason Sony has for going after PS3 users installing their own custom firmware on their PlayStation 3 consoles.

A report on Ars Technica, showcasing some digging at the edge's of the PlayStation Network performed by a team of hackers, reveals that if you start using custom firmware on your PS3, there's a slight risk that it'll leave your console (or, to be more precise, your PSN information) vulnerable to theft.

How is this possible? A standard PS3 communicating with the PlayStation Network is entirely secure. Your important information - especially your credit card details - are safe from prying eyes. But that's only if you're using an unmodified PlayStation 3.

Users installing custom firmware, on the other hand, are leaving themselves open to the possibility of attack, as this security isn't there when you foresake Sony's own updates. As the report states:

The concern raised by the hackers is that custom firmwares could subvert this system. A custom firmware can include custom certificates in its trusted list. It can also use custom DNS servers. This raises the prospect of a malicious entity operating his own proxies to snaffle sensitive data. He would distribute a custom firmware that had a certificate corresponding to his proxy, and that used a DNS server that directed PSN connections to the proxy. His proxy would decrypt the data sent to it, and then re-encrypt it and forward it to the real PSN servers.

This data would basically be everything your PS3 sends to the PlayStation Network. While most of this is relatively harmless (like trophy data), some of it (like credit card info and your address) is not.

Now, as I said at the start, this isn't a serious concern for everyone. You would have to download and install malicious firmware for this to happen, and those using Sony's own updates (or custom firmware somehow proven to be "OK") would be fine.

But even the possibility of that kind of information being lifted is enough for Sony to say "we told you so", as one of its big defences in going after PS3 hackers is the position that Sony's security system is there for a reason: to protect the consumer.

Report: PSN hacked, custom firmware could pose security risk to users (UPDATED) [Ars Technica]