Major security issue (url spoofing) found on the Vita browser

wololo

Been followin' the console hacking scene since 2006, I'm an old guy so get off my lawn!

You may also like...

Hey, reader. The ads below are not "inappropriate", they are computer-generated "popular topics on the web". Data doesn't lie. Don't blame me, blame mankind.

49 Responses

  1. Zyphs says:

    So if i turn of javascript will it counter that risk or does the browser have a major flaw that i can’t counter?

    • wololo says:

      Turning off javascript will remove the problem but seriously impact your browsing experience on many sites.

      • Zyphs says:

        Ok, thanks i thought there was something stupid like you can’t turn of javascript because the vita browser was poorly coded or something.

        • wololo says:

          Oh…errr, well it’s actually possible, I didn’t check if the option is actually available…
          edit: yeah, it’s possible to deactivate javascript on the vita browser

  2. Will says:

    Thanks for the heads up. Will avoid purchasing anything from Sony. See if that motivates them enough to pull their finger out and patch this ASAP.

  3. gunblade says:

    Was thinkng about the browser probly the same for the outher vitas or iz the rwo o two updates diferent

  4. Miotepx says:

    Well, that’s useful to know.

  5. gunblade says:

    The update 2.____ was mostly network update i guess the 1.—- must have mostly be the emulatater.

  6. Tha boss says:

    Is this problem only on the New browser or also on the old psp version?
    Because then we would be able to use the psp browser as Tootal_noob Brings out his TN-V with a working browser.

  7. quetz says:

    this is horrible sony -____-

    • hgoel0974 says:

      Sony can’t do anything about it, it isn’t sony’s fault, it probably is in webkit (which most if not all modern web browsers are based on)

      • wololo says:

        I disagree. The issue is probably a webkit issue (the same vulnerability was reported for iPhone a longtime ago), but Sony’s problem is that they are not updating to the latest version often enough. Last time I checked, their build was based on a 2 year old implementation of webkit, the one used in Android 2.1.

      • gunblade says:

        ? shityer then the ones they have one there phone sony need an update thought the was working on the a full size update not a 2.— patch update but i guess till there done with 2.Ooz update there one 2.— patchs wich is shity cuz even there first 2series update paatch had update save problems. ?Was it the same for older vita internet browsers.

  8. The Z says:

    You can avoid this bug, even at a lower firmware (like 2.02):

    http://www.youtube.com/watch?v=YuVWicediUc

  9. Killface says:

    ahhh nuts, i just upgraded my vita like literally 5 minutes ago… >:(

  10. clicks says:

    Hell, it’s not Sony’s money that could be lost so why would they put in any effort at all?

    Laziest developers on earth, they make DS flash cart makers seem on top of things.

  11. hgoel0974 says:

    Interesting read, when I looked at it I was like OMG, the TIFF exploit thing is happening all over again! until I read “possibility to spoof the url”, we really need some random guy at google to find a remote code execution vulnerability :lol:

  12. b2p1mp says:

    I wonder if that .js gamesite that was spammed all around here is using the exploit?

    • b2p1mp says:

      I suppose I could do some sniffing and see if there are any redirects happening on my vita. I think ethereal/wireshark/ or maybe even a web debug proxy could shed some light.

  13. oO Flowzila Oo says:

    Do they really want to go through this again?

  14. Bronze_sword says:

    Maybe it is not as easy to fix as you think, give them some time. It is not easy to get new fermware out, they need to test and fix code, who knows they might do a major update with it as well. I am not say be a sony fan girl, just hop off there dick so they can get stuff done. Understandible?

  15. Negrodamus says:

    If someone could come up with something to run 20 year old console games with this, it would be fixed in no time.

  16. Asmith906 says:

    So as anyone actually reported this to sony or are we just going to sit here and complain?

  17. Really sony? says:

    Dear sony…please patch the security problems.After that please make a contract with adobe or replace your vitaos vith android. ps:become international so i can buy games
    sincerely,f*ck you

  18. Asmith906 says:

    Anyway this could be patched without a firmware update? Oh who am I kidding everything requires a firmware update :(

  19. mb123 says:

    Ohhhh , not another update … I don’t care about this url spoofing b*11sh1t

  20. Lai says:

    that’s really alarming.. now sony will have another issue on this one and if the authorities will be able to find out, sony is in big trouble AGAIN..

    thanks for informing us wololo

  21. vextype-0 says:

    wow this sucks im glad i didint update:)i got uno running my iso and homebrews ect cwcheat and tempar yeah baby tn-v:)

  22. gunblade says:

    nice sumbody said sumthing i usaly cheack the url fo most fishing but cant tell much on the vita.. the should have used opera like the psp or sumthing fire fox would be old school….wish the vita was more like two Vaio UX jus lighter n mean azz a dell hybread jus a lill smaller but bateryy life nice..

  23. poec says:

    Keep calm and browse on your laptop… or smartphone…

  24. gunblade says:

    so i ened up on getting uno so thats nice price. Need more vita games.

  25. Carlos says:

    sony is going to use this as a way to blackmail us. The only way to have a secure system is to buy there stupid trend micro security or update and loose homebrew

  26. Carlos says:

    Hmm Is this possible? I dont know if anyone here remebers or knows about how the nds hacking scene used to be really big, they had custom made flashkarts that were hard disk replicas of a normal ds games that could contain custom firmwares allowing homebrew and even actual roms can. this be done to the vita by creating our own exploitable game or putting the custom firmware itself onto a hard disk?

  27. Ddj123 says:

    Think of this:

    Oled HD touch screen (such a tv costs about €6000 to buy), quality build mini super computer, you now own tthe first generation so next generation models will only be more difficult to hack, a portable HD cinama movie player for on vacation, travelling or on your bed alone or with girlfriend attaching an external 11.000 Mah battery above 1ampere output will surely charge the vita wile using it (I know, tried iit, skype, HD games etc..

    What will be possible if a serious hack, cfw or mod chip comes? (Matter of time; were the often embarrassing secrets of the so powerful USA not made public for anyone with internet because of one small weakness uploading it undetectedly for a wile? do there not exist fake cola brands that taste the same or better than Coca Cola? Was the uncureable polio, smallpox, tuberculosis etc.. not fully cured one day by smart professors or are now often deadly diseases at the moment turned to often chronic diseases by taking a cocktail of medication and still live a long life? Who thought possible years ago a mini computer with internet, gps, livraries, music studio, combined in the form of a phone, to be also able to talk for free through the internet at country or continent distances and also see each other!? And this device is also been hacked!

    I can continue for longer, but you get the point..

    It is a matter of time before the vitagets hacked also because what then is possible:

    Windows 8(touch), emulators with more power, viewing tv and recording it, android, streaming movies or games from your laptop, HD homebrew games and apps like making it your portable security system linked with camera’s online or directly from your house controlling them, warning you and program tactical signals that keep the criminal busy for longer when the vita sent a distresssignal or call to the police with location, details like from the dark enhanced facial features, bodytype, weapon detection, eye scan to determine if under influence of drugs, if entered in threat zone activate sound alarm together with activation of multiple HD camera’s with flashes to scare the hell out of him together with simulated machine guns you prefer or other sounds programmed on the vita or directly choosing from your screens corner wile you switch cameras looking where he runs recording the whole schen in HD for inverstigating and/or to put his face on the wall of shame, youtube or somewhere else making the thief never mess with private property anymore or in jail with the help of your fully programmed psvita homebrew app..

    Or programmed to add an infra red sensor external or built in, to help you hunt better, or other equipment like radar together with its gps to make you navigate better at sea or fish and adjusting your wishes with the touch screen, an app to connect the vita to your motorised telescope; using its planetairy, star, exotic objects or galaxy database you choose from it’s screen connected to the internet to share the images through skype with your friends and getting updates from astronomy news events that are visible at that precise moment., or making it a weather station, connecting to your babyphone microphone and nightvisiion camera and recording the baby’s sound or movement for later times, of the baby cries selecting music, sounds or a recording of your own voice and remotely changing the light condition or activate certain flower aroma’s or detect ultrasound noise indicating there are mosquito’s in the room, all by an homebrew app adjustable on the vitas touch color screen.. Etc.. Etc..

    Or just as a multi media HD music player/studio wireless connected to your wireless headphone or stereo system controlling your music together with homebrew equaliser or enhancer.. Or have your music library on your computer, linking through 3G or even4G to your computer and listen to your favorite music or even movies or maybe photo’s or control your computer from a distance and already let your system start diwnloading the movies you want to see when you get home..

    Feed your cat or dog by activating your food dispenser unit to drop a chunk of dog grub for them to eat. Activate your robot vacuum cleaner. Or insect repeller.

    Of something other that is cool: Just do a custom case mod with leds that let your transparent buttons light up the way you program also making from your touchpad a fingerprint detector so only those whom you choose can touch your vita or it activates an alarm (with leds dancing, hehe..) that will warn them to put the device down in 30 seconds or the house alarm goes off.. Even build in rumble or vibration in it or connect a solar panel..

    Link it to a modificated car and program it for different performance modes; racing, night driving with extra protection, or more fuel efficiency or combined, together with up to date gps info and quick buttons if hungry to find food or gas, tumbling into sleep alarm, or even programming it to be like kit from the nightruder, hehe.. But you get my point..

    This is just a small part of what could be capable with the vita when hacked..

    People, hackers, nerds, gadget lovers.. Do these cool possibilities not make your heart beat a bit faster in another cool rhytm?

    P.s.v.i.t.a. = Programmable. Super. Versatile. Interactive.. Theme. Activator….

    A hybernating multi possibility waiting to unleash its true potential. Even the FBI, Police, Firefighters, consumers, nerds, artists, presidents, even sony employees, anyone will use the hacked vita’s possibilities, even you!

    Greetings,
    ddh123

  1. May 4, 2014

    Security routers

    Major security issue (url spoofing) found on the Vita browser · Wololo.net

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>