Major security issue (URL spoofing) found in the Vita browser

Security researcher David Vieira-Kurz of MajorSecurity.com recently reported a critical security issue in the PS Vita web browser. Firmware 2.05 is impacted as well, so technically all Vita owners are currently at risk.

The issue allows a page to spoof the URL displayed in the address bar through very simple JavaScript operations. This would allow a malicious website to make you believe you are accessing your bank’s website, for example, or the PSN, and trick you into entering your credit card number or a password, which would immediately get stolen. More precisely, while the user sees something such as “playstation.com/psn” in the address bar, the real website serving the content can be anything, such as “mymaliciouswebsite.ru/stealyourpassword”.

The spoof is extremely easy to set up with a few lines of JavaScript, and a proof-of-concept page can be found on MajorSecurity’s website. We tested and confirmed the issue is still here on 2.05. The security company contacted Sony several times back in January, but a patch has yet to be deployed.

Am I the only one concerned that Sony seems to be eager to fix our harmless homebrew exploits faster than actual security issues which would allow third parties to steal your personal information? I’m sure I’ll have fanboys go against me for that, but at the end of the day, how much credibility can we give to a service company that puts its own interests before that of its clients’ security?

If you’re running firmware 2.05 or lower (which we currently all are), you are definitely at risk, so it is recommended that you stay away from those fishy websites you used to enjoy on your Vita… until Sony fixes the issue.
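An added example, not part of the original article or of MajorSecurity’s proof of concept: because the address bar cannot be trusted on an affected browser, the host that really served a page has to be checked off-device, for instance in the log of a debugging proxy the Vita is routed through. The log format, host names and function names below are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy log: "timestamp method target status" (format is an assumption).
# It covers the period during which the address bar displayed psn.example.
SAMPLE_LOG = """\
2000-01-01T10:00:01 GET http://cdn.example.org/lib.js 200
2000-01-01T10:00:05 GET http://psn.example.spoof-host.example/psn 200
2000-01-01T10:00:06 CONNECT static.psn.example:443 200
2000-01-01T10:00:31 POST http://psn.example.spoof-host.example/submit 302
malformed line
"""

def target_host(method, target):
    """Return the lower-cased host a proxy log entry actually went to."""
    if method == "CONNECT":            # HTTPS tunnel: target is host:port
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def same_site(host, expected):
    """True if host is the expected host or one of its subdomains.

    Matching on a leading dot keeps look-alikes such as
    psn.example.spoof-host.example from passing."""
    return host == expected or host.endswith("." + expected)

def audit(log_text, expected_host):
    """List requests that went somewhere other than expected_host.

    GETs to other hosts are 'info' (pages load third-party resources);
    POSTs are 'high' because they may carry typed credentials."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                   # skip lines that do not fit the format
        ts, method, target, _status = parts
        host = target_host(method, target)
        if not host or same_site(host, expected_host):
            continue
        severity = "high" if method == "POST" else "info"
        findings.append((ts, severity, method, host))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, "psn.example"):
        print(*finding)
```
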

Oh, and as I’m sure some of you will ask… no, I don’t think anything here can be leveraged to turn this into a “useful” exploit for the scene :)

Source: MajorSecurity (thanks to the people who mentioned it to me a looong time ago… I was away and didn’t have much time to confirm)

  1. Zyphs

    So if I turn off JavaScript, will it counter that risk, or does the browser have a major flaw that I can’t counter?

    1. wololo

      Turning off JavaScript will remove the problem but seriously impact your browsing experience on many sites.

      1. Zyphs

        Ok, thanks, I thought there was something stupid like you can’t turn off JavaScript because the Vita browser was poorly coded or something.

        1. wololo

          Oh…errr, well it’s actually possible, I didn’t check if the option is actually available…
          edit: yeah, it’s possible to deactivate JavaScript on the Vita browser

  2. Will

    Thanks for the heads up. Will avoid purchasing anything from Sony. See if that motivates them enough to pull their finger out and patch this ASAP.

    1. yuuki

      It’s been known for nearly a week by now and no update

        1. #18

          Why does Sony never patch these ACTUAL threats, but a harmless homebrew app gets patched the next day?

          1. Yes

            The games are just removed from the PS Store. It usually takes several weeks before Sony comes with an update that patches the game exploits.

  3. gunblade

    Was thinking about the browser, probably the same for the other Vitas, or is the rwo o two updates different

  4. Miotepx

    Well, that’s useful to know.

  5. gunblade

    The update 2.____ was mostly a network update, I guess; the 1.—- must have mostly been the emulator.

  6. Tha boss

    Is this problem only on the new browser or also on the old PSP version?
    Because then we would be able to use the PSP browser as Tootal_noob brings out his TN-V with a working browser.

  7. quetz

    this is horrible sony -____-

    1. hgoel0974

      Sony can’t do anything about it, it isn’t Sony’s fault, it probably is in WebKit (which most if not all modern web browsers are based on)

      1. wololo

        I disagree. The issue is probably a WebKit issue (the same vulnerability was reported for iPhone a long time ago), but Sony’s problem is that they are not updating to the latest version often enough. Last time I checked, their build was based on a 2 year old implementation of WebKit, the one used in Android 2.1.

        1. yyy

          How do you check this?

      2. gunblade

        ? shityer then the ones they have one there phone sony need an update thought the was working on the a full size update not a 2.— patch update but i guess till there done with 2.Ooz update there one 2.— patchs wich is shity cuz even there first 2series update paatch had update save problems. ?Was it the same for older vita internet browsers.

  8. The Z

    You can avoid this bug, even at a lower firmware (like 2.02):

    http://www.youtube.com/watch?v=YuVWicediUc

  9. Killface

    ahhh nuts, I just upgraded my Vita like literally 5 minutes ago… >:(

  10. clicks

    Hell, it’s not Sony’s money that could be lost so why would they put in any effort at all?

    Laziest developers on earth, they make DS flash cart makers seem on top of things.

    1. andrew lytle

      They would patch it so that they don’t get sued or, worse, give Anonymous (posers in my opinion) a reason to hack them again.

    2. no

      Why don’t you just go play with another console and gtfo?

  11. hgoel0974

    Interesting read, when I looked at it I was like OMG, the TIFF exploit thing is happening all over again! until I read “possibility to spoof the url”, we really need some random guy at Google to find a remote code execution vulnerability :lol:

  12. b2p1mp

    I wonder if that .js gamesite that was spammed all around here is using the exploit?

    1. b2p1mp

      I suppose I could do some sniffing and see if there are any redirects happening on my Vita. I think Ethereal/Wireshark, or maybe even a web debug proxy, could shed some light.

  13. oO Flowzila Oo

    Do they really want to go through this again?

  14. Bronze_sword

    Maybe it is not as easy to fix as you think, give them some time. It is not easy to get new firmware out, they need to test and fix code, who knows, they might do a major update with it as well. I am not saying be a Sony fan girl, just hop off their dick so they can get stuff done. Understandable?

    1. wololo

      Nope. They got contacted a month ago. Security issues that critical should be fixed within 48h.

  15. Negrodamus

    If someone could come up with something to run 20 year old console games with this, it would be fixed in no time.

      1. b2p1mp

        So true.

  16. Asmith906

    So has anyone actually reported this to Sony or are we just going to sit here and complain?

    1. wololo

      As I wrote in the article, the security company contacted Sony twice about this already.

      1. Asmith906

        I swear I read that. I don’t know how I skipped over that part.

  17. Really sony?

    Dear Sony… please patch the security problems. After that please make a contract with Adobe or replace your Vita OS with Android. PS: become international so I can buy games
    sincerely, f*ck you

  18. Asmith906

    Any way this could be patched without a firmware update? Oh who am I kidding, everything requires a firmware update :(

  19. mb123

    Ohhhh , not another update … I don’t care about this url spoofing b*11sh1t

  20. Lai

    that’s really alarming.. now sony will have another issue on this one and if the authorities will be able to find out, sony is in big trouble AGAIN..

    thanks for informing us wololo

  21. vextype-0

    wow this sucks, I’m glad I didn’t update :) I got uno running my iso and homebrews etc. cwcheat and tempar yeah baby tn-v :)

    1. alpmaster007

      You have TN-V?

    2. alpmaster007

      You’re saying when TN-V is released?

  22. gunblade

    nice, somebody said something. I usually check the URL for most phishing but can’t tell much on the Vita.. they should have used Opera like the PSP or something, Firefox would be old school…. wish the Vita was more like two Vaio UX, just lighter n mean azz a dell hybread, just a little smaller but battery life nice..

  23. poec

    Keep calm and browse on your laptop… or smartphone…

  24. gunblade

    So I ended up getting Uno, so that’s a nice price. Need more Vita games.

  25. Carlos

    Sony is going to use this as a way to blackmail us. The only way to have a secure system is to buy their stupid Trend Micro security or update and lose homebrew

  26. Carlos

    Hmm, is this possible? I don’t know if anyone here remembers or knows about how the NDS hacking scene used to be really big, they had custom made flashcarts that were hard disk replicas of normal DS games that could contain custom firmwares allowing homebrew and even actual ROMs. Can this be done to the Vita by creating our own exploitable game or putting the custom firmware itself onto a hard disk?

  27. Ddj123

    Think of this:

    OLED HD touch screen (such a TV costs about €6000 to buy), quality build mini super computer, you now own the first generation so next generation models will only be more difficult to hack, a portable HD cinema movie player for on vacation, travelling or on your bed alone or with girlfriend, attaching an external 11.000 mAh battery above 1 ampere output will surely charge the Vita while using it (I know, tried it, Skype, HD games etc.)..

    What will be possible if a serious hack, CFW or mod chip comes? (Matter of time; were the often embarrassing secrets of the so powerful USA not made public for anyone with internet because of one small weakness uploading it undetectedly for a while? Do there not exist fake cola brands that taste the same or better than Coca Cola? Was the incurable polio, smallpox, tuberculosis etc.. not fully cured one day by smart professors or are now often deadly diseases at the moment turned to often chronic diseases by taking a cocktail of medication and still live a long life? Who thought possible years ago a mini computer with internet, GPS, libraries, music studio, combined in the form of a phone, to be also able to talk for free through the internet at country or continent distances and also see each other!? And this device has also been hacked!)

    I can continue for longer, but you get the point..

    It is a matter of time before the Vita gets hacked also because what then is possible:

    Windows 8 (touch), emulators with more power, viewing TV and recording it, Android, streaming movies or games from your laptop, HD homebrew games and apps like making it your portable security system linked with cameras online or directly from your house controlling them, warning you and program tactical signals that keep the criminal busy for longer when the Vita sent a distress signal or call to the police with location, details like from the dark enhanced facial features, bodytype, weapon detection, eye scan to determine if under influence of drugs, if entered in threat zone activate sound alarm together with activation of multiple HD cameras with flashes to scare the hell out of him together with simulated machine guns you prefer or other sounds programmed on the Vita or directly choosing from your screen’s corner while you switch cameras looking where he runs recording the whole scene in HD for investigating and/or to put his face on the wall of shame, YouTube or somewhere else making the thief never mess with private property anymore or in jail with the help of your fully programmed PS Vita homebrew app..

    Or programmed to add an infra red sensor external or built in, to help you hunt better, or other equipment like radar together with its GPS to make you navigate better at sea or fish and adjusting your wishes with the touch screen, an app to connect the Vita to your motorised telescope; using its planetary, star, exotic objects or galaxy database you choose from its screen connected to the internet to share the images through Skype with your friends and getting updates from astronomy news events that are visible at that precise moment, or making it a weather station, connecting to your babyphone microphone and night vision camera and recording the baby’s sound or movement for later times, if the baby cries selecting music, sounds or a recording of your own voice and remotely changing the light condition or activate certain flower aromas or detect ultrasound noise indicating there are mosquitoes in the room, all by a homebrew app adjustable on the Vita’s touch color screen.. Etc.. Etc..

    Or just as a multi media HD music player/studio wireless connected to your wireless headphone or stereo system controlling your music together with homebrew equaliser or enhancer.. Or have your music library on your computer, linking through 3G or even 4G to your computer and listen to your favorite music or even movies or maybe photos or control your computer from a distance and already let your system start downloading the movies you want to see when you get home..

    Feed your cat or dog by activating your food dispenser unit to drop a chunk of dog grub for them to eat. Activate your robot vacuum cleaner. Or insect repeller.

    Or something other that is cool: Just do a custom case mod with LEDs that let your transparent buttons light up the way you program also making from your touchpad a fingerprint detector so only those whom you choose can touch your Vita or it activates an alarm (with LEDs dancing, hehe..) that will warn them to put the device down in 30 seconds or the house alarm goes off.. Even build in rumble or vibration in it or connect a solar panel..

    Link it to a modified car and program it for different performance modes; racing, night driving with extra protection, or more fuel efficiency or combined, together with up to date GPS info and quick buttons if hungry to find food or gas, tumbling into sleep alarm, or even programming it to be like KITT from Knight Rider, hehe.. But you get my point..

    This is just a small part of what could be capable with the Vita when hacked..

    People, hackers, nerds, gadget lovers.. Do these cool possibilities not make your heart beat a bit faster in another cool rhythm?

    P.s.v.i.t.a. = Programmable. Super. Versatile. Interactive.. Theme. Activator….

    A hibernating multi possibility waiting to unleash its true potential. Even the FBI, Police, Firefighters, consumers, nerds, artists, presidents, even Sony employees, anyone will use the hacked Vita’s possibilities, even you!

    Greetings,
    ddh123
