I’ll be honest, we’ve been reluctant to talk about this, even if it’s been announced a week ago. Because it could be false hope: it wouldn’t be the first time a hacker (or group of hackers) reveals some demo of a console Jailbreak during a conference, leaving out the necessary details to actually call it a disclosure.

But… it seems the scene have decided this is very important news, with the buzz coming to our ears as well, so we don’t want to appear like we don’t care: this could be huge news, or it could be nothing, but here goes.

TheFloW is scheduled to speak at infosec conference Hardwear.io late next week. Although the conference won’t be live online, there’s good hope the talk will be recorded and released on Hardwear.io’s youtube channel afterwards.

It’s pretty clear the talk will be about PS5 Jailbreak, based on some of the follow up tweets that the conference organizers have posted.

Well..Well! Most of you got it right, few quite close to what’s going to happen at Andy’s talk

😉For sure its going to be an exciting discovery!https://t.co/2Gd3lM7M3X

— hardwear.io (@hardwear_io) June 1, 2022

TheFloW’s hack of PS5 in Late 2021, likely to be the topic of his presentation

The talk will most likely be in direct reference to the hacker breaking the PS5’s security late last year. How much he will choose (and is allowed to by Sony) to disclose remains to be seen however. In my short experience in the world of console Jailbreaks, everyone wants to be the first to demonstrate they “did it”, but there are legal consequences to disclosing the actual technique.

With that being said, it’s very likely Sony have patched the vulnerability (or vulnerabilities) through the bounty program, and that could mean TheFloW will reveal actual details on how he did it. The developer also has a good track record of actually releasing extensive writeups and proof-of-concepts of his exploits, so your collective guess is as good as ours.

If so, the exploit would most likely work on older PS5 firmwares, with 4.03 being a likely candidate as it’s the highest firmware that can run a known Webkit exploit, which would be a good entry point for further privilege escalation on the console.

We’ll most likely know more by end of next week, so stay tuned!