The PS4’s Wi-Fi chip reportedly has multiple vulnerabilities… but they’re not exactly new
Zecoxao reported today that the Wi-Fi chip used in the PS4 (a Marvell Avastar part) is vulnerable to multiple security issues. He adds that the chip's firmware sits in plaintext on the PS4's sflash and is unsigned. However, the bugs were reported in 2019, so it is unclear whether they could be of any use today for PS4 hacking.
PS4 – What could be done with a Wi-Fi vulnerability?
In the 2019 CVE (wow…) that Zecoxao mentions, we learn that the Marvell Avastar family of Wi-Fi chips is vulnerable to multiple security issues. This covers a range of the brand's chips (according to the CVE, at least models 88W8787, 88W8797, 88W8801, 88W8897 and 88W8997), which includes the chip used in the PS4 (88W8797 on at least some models; see: https://www.psdevwiki.com/ps4/Wireless).
Now, a vulnerable component on the PS4 is probably not enough in itself to gain control of the console: the PS4 kernel doesn't automatically trust its peripherals, so code running on the Wi-Fi chip still only reaches the host through the Wi-Fi driver, and going further would require a second bug in how that driver handles data coming from the chip. It is, however, a possible entry point for further privilege escalation. In other words, if leveraged properly, it could play a role similar to a WebKit bug: the first link in a larger exploit chain (i.e. a PS4 jailbreak), with a kernel exploit still needed behind it.
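To make the "the kernel doesn't trust its peripherals" point concrete, here is an added example in C. It is not code from this page, from Sony, or from Marvell's driver: it is a toy host-side receive path with a hypothetical 4-byte frame header, showing a driver that only sanity-checks a device-supplied length against the device's own claim next to one that also bounds it by the host buffer. The header layout, the function names and all sizes are assumptions for illustration only.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical frame header as the host driver reads it out of the chip's
 * shared receive buffer: 2-byte little-endian payload length, 1-byte type,
 * 1-byte flags. Invented for this example; not the Marvell or PS4 format. */
#define HDR_LEN          4
#define FRAME_TYPE_DATA  0x01
/* Largest frame the host driver's own receive buffer is sized for. */
#define HOST_FRAME_MAX   64

static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Weak path: the device-supplied length is only checked for consistency
 * with the device's own transfer size (dev_len). A compromised chip controls
 * both numbers, so it can make them agree while exceeding the host buffer. */
int rx_copy_trusting(const uint8_t *dev, size_t dev_len,
                     uint8_t *out, size_t out_cap)
{
    (void)out_cap;                       /* never consulted: the bug */
    if (dev_len < HDR_LEN)
        return -1;
    uint16_t len = rd16le(dev);
    if (len > dev_len - HDR_LEN)
        return -1;
    memcpy(out, dev + HDR_LEN, len);     /* overruns 'out' when len > out_cap */
    return (int)len;
}

/* Hardened path: the same length is also bounded by the host buffer's real
 * capacity, and the frame type is validated before anything is copied. */
int rx_copy_checked(const uint8_t *dev, size_t dev_len,
                    uint8_t *out, size_t out_cap)
{
    if (dev_len < HDR_LEN)
        return -1;
    if (dev[2] != FRAME_TYPE_DATA)
        return -1;
    uint16_t len = rd16le(dev);
    if (len > dev_len - HDR_LEN || len > out_cap)
        return -1;
    memcpy(out, dev + HDR_LEN, len);
    return (int)len;
}

/* Constructed device-side buffer: what firmware running on the chip could
 * hand the host. Returns the number of bytes the "device" reports. */
size_t build_frame(uint8_t *buf, size_t cap, uint16_t payload_len, uint8_t fill)
{
    if ((size_t)payload_len + HDR_LEN > cap)
        return 0;
    buf[0] = (uint8_t)(payload_len & 0xff);
    buf[1] = (uint8_t)(payload_len >> 8);
    buf[2] = FRAME_TYPE_DATA;
    buf[3] = 0;
    memset(buf + HDR_LEN, fill, payload_len);
    return HDR_LEN + payload_len;
}

/* Scenario runner. The host buffer 'out' is deliberately allocated larger
 * than HOST_FRAME_MAX so the weak path can be exercised without corrupting
 * real memory: a return value above HOST_FRAME_MAX is the overrun. */
int scenario(uint16_t payload_len, int hardened)
{
    uint8_t dev[256], out[256];
    size_t n = build_frame(dev, sizeof dev, payload_len, 0x41);
    if (n == 0)
        return -2;                       /* constructed frame did not fit */
    return hardened ? rx_copy_checked(dev, n, out, HOST_FRAME_MAX)
                    : rx_copy_trusting(dev, n, out, HOST_FRAME_MAX);
}

int main(void)
{
    printf("benign 32-byte frame:   trusting=%d checked=%d\n",
           scenario(32, 0), scenario(32, 1));
    printf("hostile 200-byte frame: trusting=%d checked=%d (-1 = rejected)\n",
           scenario(200, 0), scenario(200, 1));
    return 0;
}
```

The weak path is the shape of bug a compromised Wi-Fi chip would be looking for: it never asks how much room the host actually has, only whether the chip's two numbers agree with each other, and the chip chooses both. The hardened path treats every field the chip wrote as attacker-controlled and bounds it against host-owned limits before the copy.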
Additionally, we’ve known for a while that the Wi-Fi firmware on the PS4 is unencrypted.
PS4 Marvell Wi-Fi vulnerability – why talk about a 2018 exploit?
This vulnerability is resurfacing today following a tweet by scene veteran Zecoxao. There doesn't seem to be anything "new" that justifies mentioning it now, but, as far as I can tell, it wasn't covered by any PS4 scene website back then (including yours truly), which is probably why it's catching the scene's attention today.
That’s a 2019 CVE. Is anything new, or did we simply miss something huge back then?
— Wololo (@frwololo) January 18, 2023
BetterWayElectronics mentions it's possible to downgrade the PS4 Wi-Fi firmware. That isn't entirely surprising: the firmware is unsigned, so nothing stops an older image from being written back (its being unencrypted is what lets people read and modify it, but it's the missing signature and version check that make the downgrade possible). Since the firmware lives on sflash, doing this on a console without an existing exploit means a hardware flasher. Still, technically, if something is doable with those vulnerabilities, a downgrade could make even more recent PS4s affected, even if a later Wi-Fi firmware fixed them.
My gut feeling is that the “right” people have already seen this a while ago, and if it was useful, we would have known about it by now. But I’ve been very wrong in the past, a lot, so who knows.
I saw his tweet and yours – i really hope this vulnerability works. I’m at 9.60 and can’t wait.
Interesting news. I hope there will be a new breakthrough in hacking the PS4 to welcome the year 2023, since the 9.00 jailbreak has been out for quite a long time.
Will this Avastar lead to CFW, to the bootloader, or to dual-boot or single-boot of a different OS?
No molecularShell or VitaShell on PS4 as part of the exploit? multiMAN is far off.
Needs work on the WebKit, why not Wi-Fi?
I'm really more curious about a modchip that has the bootloader though :p
You have been very wrong in the past, indeed.
I've been playing this game for the last couple of days and love it.
Always good to see news like this; if not, people might just give up looking. Take the PSX softmod, after 27 YEARS! It's articles like this that inspire people to go back and look again.