PlayStation Now Bug Leading to RCE Attacks
Competing against Microsoft’s Xbox Game Pass, Sony has introduced a similar cloud gaming subscription service called PlayStation Now in 2014, which has more than 2.2 million subscribers now. Since popular, it could become one of the favorite targets for hackers. Also, Read- Sony Announces Bug Bounty Program For PlayStation 4 Worth $50,000 Thus, PlayStation has set up a bug bounty program on HackerOne earlier this year in hopes of rewarding bug hunters who privately disclose critical bugs in their network and gadgets. This led a bug hunter named Parsia Hakimian to submit an RCE bug in PlayStation Now (PS Now) on May 13th, which was resolved by PlayStation a month later.
— Parsia Hakimian (@CryptoGangsta) December 4, 2020 He described the bug affects PS Now versions 11.0.2 and earlier on computers running Windows 7 SP1 or later. He noted the bug is an insecure Electron app, which, if exploited, exposes users to RCE attacks. He described that “Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable WebSocket connection.” Thus, an attacker can send a malicious script to users through any channel and lure them into clicking it. After opening it, it connects to the WebSockets of users’ devices. He explained that the JavaScript loaded by AGL will be able to spawn processes on the machine. Thus, it can “lead to arbitrary code execution” since the “AGL application performs no checks on what URLs it loads.” The flaw of the AGL WebSocket not checking the origin header or request origins of a file is the catch. PlayStation awarded him with a $15,000 bounty for reporting this. Also, Read- Sony’s Electric Vehicle Vision S Surprised Everyone More Than PS5