TheFloW will present a new PS4 Kernel Exploit at a security conference in May
Hacker TheFloW has confirmed he will be presenting a new PS4 kernel exploit this year in May, at the TyphoonCon security conference in Seoul. The hacker hasn’t specified whether a full disclosure of the exploit will happen at the conference, or just a “simple” demonstration. The exploit leverages bugs in the PS4’s implementation of the IPv6 protocol. IPv6 has been a rich source of vulnerabilities for the scene.
TyphoonCon and new PS4 Kernel exploit by TheFloW
TyphoonCon is an annual security conference that was established in 2018. From their website:
TyphoonCon brings security researchers together for an extensive two-day world class conference, led by the industry’s leading experts, specialists and innovators.
TyphoonCon focuses on highly technical offensive security issues such as vulnerability discovery, advanced exploitation techniques and reverse engineering. TyphoonCon was established with the belief in researchers wanting to share their research, discoveries and experience with other security enthusiasts out there.
It has been known for quite some time that TheFloW had something “big” for the PS4 and/or the PS5, as he announced it himself back in September 2023. Fresh rumors state that a proof-of-concept crash that has been circulating, based on an old 2006 network vulnerability, could be one of the vulnerabilities leveraged by TheFloW in this upcoming presentation.
This would be consistent with the hacker’s own statement that his attack targets a network protocol on the PlayStation:
This talk will be about successful exploitation of kernel vulnerabilities in a network protocol on the PlayStation 4 which is based on FreeBSD. I show how internals of the IPv6 protocol can be abused to achieve an information leak and to redirect control flow to get RCE with kernel privileges on the console. The exploitation strategies may also apply to XNU as they share very similar code. Moreover, this exploit enables a jailbreak without requiring a user entry point such as a WebKit exploit.
There’s a lot of information to unpack here, but the interesting points for the scene are these: the talk appears to be PS4 only (no mention of the PS5), and the exploit will enable a jailbreak. The current belief is that it could work up to firmware 11.00, and that 11.02 patched “something”, but the actual list of affected firmwares hasn’t been confirmed by the hacker yet.
What about the PS5?
Surprisingly missing from the announcement is the PS5. To date, the only Kernel exploit publicly available for the PS5 is based on a vulnerability disclosed by TheFloW himself back in September 2022. Notably, that one was based on IPv6 vulnerabilities as well.
It was assumed that the hacker would be focusing his recent efforts on the PS5 (and that the PS4 was the “cherry on top”). In particular, the PoC that’s been making the rounds also crashes the PS5. But it is possible that TheFloW has hit a bump in the road when it comes to attacking the PS5 with the same vulnerability, as that console is famously harder to hack than its older sibling. That, or he simply chose to have fun with the PS4, a console he now knows inside and out.
What do you do next?
If you have a PS4 and are hoping to get a fresh jailbreak for it, the advice, as always, is to stay put, and in particular to stop updating the console. It is pretty much guaranteed that anyone running 11.02 or higher will be left out of this exploit.
Beyond that, it is still unclear if and when the exploit will be disclosed. There’s good hope this will happen, of course, but even when it does, it could be months before a working jailbreak is released (in recent history, TheFloW has left the actual implementation of a jailbreak based on his disclosures as an exercise for the scene).
If you happen to be in Seoul on May 30-31, you might want to attend the TyphoonCon conference. Tickets are $400 for the two days (an expected price for this type of event) and details on the Conference, Andy’s talk, and tickets can be found here: https://typhooncon.com/playstation-4-kernel-rce-andy-nguyen/