Friday, January 14, 2011

The costly anti-piracy lesson Sony failed to learn from Microsoft

Sony is in the news right now. It has taken several security researchers to court, after they released code circumventing the company's digital rights management (DRM) technology. Unfortunately for Sony, this problem could have largely been avoided had it learned from Microsoft's lessons.

The Sony Playstation 3 caught the eye of the technical community when it first came out. The IBM Cell microprocessor is absolutely fantastic at floating point math, which in addition to calculating pretty video game graphics, makes it a great platform for bioinformatics, brute force cryptography, and astrophysics. Sony long encouraged these alternate uses for the PS3 platform, by including the OtherOS feature in its software, which made it easy to install Linux.

Unfortunately for those users who quite liked being able to use their living room game console as a mini-supercomputer, in April 2010, Sony took away the feature with the release of the 3.21 firmware update. Users were thus given a choice. If they kept the old firmware, they got to keep using Linux, but lost access to Sony's Playstation Network, and the ability to play games online. Alternatively, users could upgrade the firmware, keep playing new titles, but lose access to the Linux functionality.

Many users were unsurprisingly angry, and some even sued the company. Other users took matters into their own hands.

Fast forward to December 2010, when a team of European security researchers revealed that they had broken the Playstation 3's cryptographic code signing technology (which stopped software running on the platform unless Sony had blessed it). The video of the talk is worth watching (part 1, 2, 3), but the most interesting thing for me came later, in a comment posted by one of the researchers to the geek news site
However, as a whole, the entire PS3 architecture is terrible. Especially after breaking it open and properly analyzing it and finding a ton of screwups (many critical), there is absolutely no doubt in our mind that the sole reason why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system (that, and maybe hype around their hypervisor and isolated SPE security, both of which turned out to be terribly bad). If you watch the talk you'll actually see that we make this point clear and address the time-to-hack of the PS3. Given our experience and what we've learned from people who work on console hacks, almost nobody tried until OtherOS was removed, so the only valid measurement for "time to hack", as a strength-of-security measure, is the time since OtherOS was removed (9-12 months or so).

OtherOS was Sony's single best security feature.

In hindsight, taking away OtherOS doesn't seem to be too smart of a decision on Sony's part. However, if they had paid attention to the experiences that Microsoft's XBox team had in dealing with the open source community, perhaps the Playstation 3 DRM flaws would never have been found.

From a law journal article I published in 2007:
Microsoft opted to protect its platform against [those wishing to evade region controls on legitimately purchased games, hobbyist gamers, open source hackers, and software pirates] with one technical solution: any software that ran on the XBox needed to be "digitally signed" by Microsoft. Without a valid digital signature, the software would be rejected by the Xbox. To protect its revenue, Microsoft would only issue a digital signature to those software firms that obtained a license from Microsoft and thus agreed to pay royalties.

The problem of this approach, of course, is that the four different groups, which would normally have very little in common, were now motivated to share information and target the one security system holding them back. While those users who wished to play illegal copies of games were motivated by their desire to avoid paying for software, the other three groups had more personal motivations: creativity, and the desire to do what they felt was their right. Furthermore, both the Linux community and the hobbyist game developer community include skilled and motivated programmers — who by definition — spend their time working on projects for free. In creating a single DRM system, Microsoft inadvertently aligned the "software pirates" with a team of skilled open-source programmers with significant experience in reverse engineering proprietary systems. This is the very same design mistake that was made by the creators of the DVD DRM system.

The first breach of Microsoft’s DRM came from the mod-chip community, but did not pose a significant threat to Microsoft due to the difficult process that installing such a chip required. In July of 2003, the Free-X project announced that its members had figured out a way to get Linux running on the XBox without any hardware modifications. The developers were able to exploit a flaw in one of the system’s games using a "buffer overflow," a technique commonly used in the computer security community. Once they had successfully created a software-based hack, the Linux developers gave Microsoft an ultimatum: release a digital signature for the Linux operating system, which would enable users to legitimately run Linux on the Xbox without having to evade the DRM system or else the developers would release a working implementation of the evasion system to the Internet.

Microsoft refused and so the developers made good on their threat. Other developers took advantage of this information, and thus a number of development communities sprung up around the Xbox. This included the Xbox Media Center, an open-source media player capable of playing videos, multi-region DVDs, streaming video and radio from the Internet, and podcasts. Those wishing to play copied games, both fair use backups and illegal copies, also benefited. In many ways, the software pirates were able to free-ride on the efforts of the Linux hobbyists, although Microsoft attempted to portray them in the media as one and the same.

No comments: