The hacker team Fail0verflow found vulnerabilities in the PlayStation VR headset. In particular, the researchers were able to bypass secure boot and extract all of the key material.
PlayStation VR (PSVR) is a virtual reality headset from Sony Interactive Entertainment for the PlayStation 4 game console. According to Fail0verflow, they took up hacking the headset after Sony promised that it would be compatible with the new PlayStation 5 console. The hackers hoped that through PSVR they would eventually be able to hack the console itself. Although they never succeeded, working with the headset “was quite fun.”
“Who knows, maybe the attack surface will be useful in some way,” the hackers said.
Notably, the Fail0verflow team had already successfully hacked the PS5 earlier, but in a different way.
A full technical description of the PSVR hack can be found on the Fail0verflow blog. The team's most remarkable discovery was that some functions accessible via the PCIe interface allowed them to decrypt the firmware image and copy it into readable memory. Thanks to this, the team managed to gain access to all PSVR keys stored in downloaded trusted applications.
Moreover, the researchers were able to bypass the authentication mechanism through vulnerabilities in FIGO (a coprocessor in the Marvell 88DE3214 chipset) and use any programmable device as a PSVR headset.