Cyber threats 2014: Serious vulnerability in Sony PlayStation Network

Posted: November 2, 2014 in Vulnerability News
Tags: , ,

sony psn hackedA serious vulnerability in the PlayStation Network service

A critical vulnerability (SQL-injection) revealed in PlayStation Network. The flaw allows an attacker to gain access to Sony’s customer data.

Experts in the field of cyber security have warned that in the Sony PlayStation Network was discovered a serious vulnerability. As reported at Golem.de, service from Sony is vulnerable to SQL-injection, which allows an attacker to gain data from PSN users.

The error was detected by the expert Aria Akhavan. A hacker can visit the Sony’s support site and using a modified parameter in the URL of the resource, view the contents of a database in a browser window. The expert reported the results of their work in Sony, but never received a response.

PlayStation Network security constantly raises users’ concerns. So, in 2011, the service was hacked, resulting in 77 million users accounts to have been stolen, and the PSN servers were unavailable for 24 days. The incident led to several major investigations and of lawsuits in several countries. Fortunately, the stolen information is no longer pops up in the network. It is also worth noting the recent hacking of PSN, which occurred in August.

While some users have become accustomed to hacking of PSN and periodic outages of service, the iCloud celebrity photo leaks, shows once again how dangerous any hacking can be. The gaming community have not yet experienced the this situation, but the threat level remains high. The damage that can be done to online-games, will be incalculable.

Video below: As New PSN Hack Leaks Personal Info

Vulnerability: A critical SQL injection in Sony PlayStation Network service

Danger level: Critical
Availability of fixes: No
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: SQL injection, Disclosure of sensitive data, Security Bypass

Affected products: PlayStation Network

Description:
A critical SQL injection vulnerability found on Sony PlayStation Website. This critical vulnerability allows access to user data on Playstation Networks.

References: http://www.golem.de/news/sql-injection-…-1410-110199.html

Note: users begin to report of console crashes and glitches following the “Masamune 2.0” system update.

Sony PlayStation Network

Comments
  1. Sergey Gor says:

    I figured they had already learned their lesson about SQL Injection vulnerabilities a few years ago.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s