A PS3 rootkit has allegedly been discovered by developer Mathieulh, that the new official PS3 firmware v3.56 contains a rootkit which could allow Sony to perform remote code execution upon connection to the PlayStation network.
The discovery has not been confirmed as yet, or what Sony would do with this info. However it could allow Sony to detect potential security breaches on PS3 systems and allow it to implement future updates to combat potential issues.
Originally Posted by N.A:
For those who are curious about the new PS3 security, it seems Sony has implemented something in 3.56 I mentioned here a few weeks ago that is the same as Microsoft uses to detect and ban 360’s.
Mathieulh just posted about it on IRC.
Essentially Sony can now remotely execute code on the PS3 as soon as you connect. This can do whatever Sony wants it to do such as verifying system files or searching for homebrew. Sony can change the code and add new detection methods without any firmware updates and as the code executes remotely there is no reliable way to forge the replies.
Whilst it is possible to patch or remove this code from the firmware this will likely mean the end of playing CFW online (as PSN can just check before login that this is active) or at the very least mean it will be even easier for Sony to detect and ban users.
Judging from the fact that people can still connect using the proxy method it seems Sony hasn’t activated any of this yet but the functions are there in the new firmware.