Threat Research

Does jailbreaking your PlayStation compromise its security?

Threat Intelligence Team, 1 October 2020

Avast IoT Lab research sheds light on the security risks related to jailbreaking gaming consoles

As Covid-19 has forced many of us to stay home more than usual, an increasing number has started looking for in-house entertainment. Putting it simply, people are gaming — a lot.

While some people have dug up their old Gameboys, others have stuck to the more traditional gaming consoles, including PlayStations. It might not come as a surprise that some gamers have actively been looking for ways to play their favorite PlayStation games, free of charge. 

Here's where device jailbreaking comes into play. It doesn't take much to find information on how to jailbreak a PlayStation — custom firmware and jailbreaks make up the largest, most propagated, and visible part of the PlayStation hack scene. And because PlayStation is a non-general-purpose computing system (gaming console), Sony wants to protect it from any unauthorized usage, including custom firmware installation.

What does jailbreaking mean for gaming console security?

When someone decides to jailbreak their device, a common question is whether or not the jailbreaking process will jeopardize the security of their device. With this question in mind, the Avast IoT Lab set out to gain an understanding of the security threats that affect users who act outside of the PlayStation Network (PSN), which is the official PlayStation user ecosystem.

To illustrate this, our team built our own custom firmware for the PS3 and tried to introduce code of our choosing. Overall, the team was surprised to find that it was a simple procedure, since there is a publicly available tool for creating custom firmware.

To read through the full custom firmware research and experiment carried out by the Avast IoT Lab, read through our report on Decoded.

Key takeaways from our research

When gamers install custom firmware in order to have more functionality (or, in this case, to get free games), they put the security of their PlayStation at risk. Moreover, because PlayStation is in the local network, they put their whole smart home at risk. 

PlayStation’s firmware is just like any other operating system, such as the one on a laptop or PC. If someone tampers with the firmware, they can gain control of the device. For example, they could make the device part of a botnet or use it to scan and attack other devices inside the network. Because there are no security clients for PS3, it’s nearly impossible to detect such activities. A surefire way to stay protected is to use a security solution that runs on the network level, like Avast Omni.

PlayStation is fun — but, like all technologies, it comes with risks. Our team's advice to gamers is to use the console in the ways that are intended, and they should be protected from malware and phishing campaigns. If they don’t, they're potentially putting their identity, privacy and security — and the identity, privacy, and security of everyone in their home — at risk.