On November 8, failOverflow reported finding the PS5 root keys for symmetric encryption. At first glance, this find may seem harmless as it will not directly provide code execution privileges. These keys only serve to keep the firmware confidential. In addition, since this report, the internet remained rather silent on the topic, so this may seem like an innocent isolated incident.
However, this silence may be treacherous, and the news actually deserves a better understanding of the problem. Let us first discuss the function of firmware encryption. The encryption does not authenticate the source or integrity of the software; this is what signatures do (and the signing key is not exposed). Encryption protects confidentiality, which serves two purposes: 1) to protect the IP of the vendor and 2) to hide security vulnerabilities. While the first reason has value, the second reason is becoming more important.
Like any product type, the software in game consoles is growing along with Moore’s law. The PS5 firmware is about 1 Gb in size. This corresponds to about 50 million lines of code. Like any human activity, software development is prone to errors, including security vulnerabilities. The number of vulnerabilities depends on the maturity of the code and its developers, but 1 vulnerability per 1000 lines of code is a ballpark figure that is often used. With the size of the product, it can be expected that the PS5 must contain many vulnerabilities. Fortunately, only a few may be exploitable, and they remain innocent until discovered.
So, how are software vulnerabilities in products discovered? In many cases, they are discovered by massive penetration testing, sometimes even supported by bug bounty programs. But, when time is limited, security specialists prefer using binary or source analysis to uncover exploitable vulnerabilities. While this too can be laborious, it is more effective than pure pentesting and will likely succeed with sufficient determination. This is why exposure of the encryption keys is expected to lead to finding more vulnerabilities.
Fortunately for the vendor, failOverflow did not publish the key. This will give the vendor time to address the problem. However, others may be inspired by the news, and a growing army of reverse engineers may be hunting for vulnerabilities already. Also, exposed root keys cannot be unexposed. The case proves that using global root keys is a bad idea, and the vendor may need to move to personalized encryption keys and potentially even personalized software implementations. Such a big move is unlikely in the short term, so we should anticipate more vulnerabilities for the PS5 in the coming year.