Status
Not open for further replies.
Recently, cybersecurity researcher Aapo was awarded a $50,000.00 Bug Bounty for his PlayStation Hacktivity Report as part of Sony's HackerOne Program. Similar to TheFloW's promised Disclosure, he took to Twitter as AapoOksman, stating the following about the critical vulnerability discovered, to quote:

"There is a lot of speculation going around the report, but I'm planning on releasing more information at a later point in time.

Would you like to see me present my findings at a security conference this year? Any suggestions on what conferences I should submit a CFP for?"


Whether it's GeekPwn, Chaos Computer Club (CCC), Zer0Con, Tencent Security Conference, REcon Brussels, Black Hat Europe, SSTIC, Hexacon, Hardwear Security Conference or another tech conference, we look forward to Aapo Oksman sharing further details on his discovery at an upcoming event.

DEF CON 31 - Certmitm Automatic Exploitation of TLS Certificate Validation Vulns - Aapo Oksman
 

Comments

I think it's more enticing for bug hunters to aim big, as jailbreak being user-triggered, targets clients with their will, so mitigations could only be addressed with updates, double-acting as protection against malicious homebrew devs and backups.

$10k max bounty for not making it public I'd say it's ok for dev, on paper, more so for Sony but Transport Layer Security vulnerabilities could impact credit card data during secured connection between PSN and end user, so you buy something from them, and there are slim chances that someone behind your house's wall got all the traffic, with RTX 4090 clusters your Wi-Fi password becomes a joke.

So yeah, $50k sounds like a lot, but you have to either be lucky or output a God's level of work.
 
Not sure, but is 6.72 the best, most stable PS4 version? Or should I update? I'm currently on 6.72 and it's been a while since I had done an update.
 
with all such hype, site masked the amount awarded to the participant to avoid all our speculation and ETA's .. lol ;)
 
@Bulditmu 6.72 is stable, however I've been on 9.00 for a good long time now and it's been real stable for me. Stay as low as possible, but that's on you; either way, don't update past 9.00, period.

Btw, this is just cert sniffing/bruteforcing, awesome tool to do so. But if you can sniff the proper certs, and/or bruteforce your own and have them accepted as valid certs, then you can interact with any device like you're the actual server whose certs you have sniffed or bruted, which in a nutshell could be useful for information or gaining access to data that you shouldn't have.

I personally don't believe this will actually be useful for the jb community unless we can use this to talk to our consoles as if we were '$0NY' in a way that would be useful to us.
 