If you’ve found yourself hankering for a cool $50,000 and have a spare PlayStation 4 to tinker with, you could have your week cut out for you.
Sony opened a Bug Bounty Program for the PlayStation 4 in July, and it has brought the number of exploits for the PlayStation 4 down to a trickle. Open to security researchers are the Sony PlayStation 4 console, the operating system on which it runs, official PlayStation 4 accessories, and the PlayStation Network.
The program, called the Vulnerability Rewards Program (VRP), is run with management from HackerOne, a white-hat security organization that has previously worked with everyone from Nintendo to Starbucks in testing the security of systems. The program had been running as an invite-only program for roughly a year before the organization opened it up to the public.
If this is your first metaphorical dance with public security testing, there are a few things that you need to know before getting your feet wet in the white-hat area of security.
First, there have been ample cases of public bug bounties resulting in organizations filing criminal charges against those who succeed, rather than paying them. Importantly, this has never been reported with Sony, but the territory here can be ruthless, as some companies see it as a means to get penetration-testing work done for free.
Second, it’s an enthralling endeavor that will shine a light on a side of technology that few will ever understand, and it can easily pay the bills for someone who can reliably find exploits in systems.
In Sony’s recently announced VRP, finding critical exploits on the PlayStation 4 results in a $50,000 payday, ranging down to low threats paying out $500. On the PlayStation Network, critical threats pay out $3,000, ranging down to $100, depending on the severity and the present threat that the flaw poses to Sony and its PlayStation infrastructure.
Sony has now joined both Nintendo and Microsoft in offering bug bounties, with Nintendo interestingly taking the lead in the avant-garde process back in 2016; a rare instance where Nintendo successfully improvises new solutions before its competitors.
Even while they’re still struggling to figure out how online parties work.
Here you are, https://t.co/cdVyvdqGZ6, PS4 kernel exploit for FW 7.02 and below. Vulnerability discovered on 2019-06-09.
This must be chained together with a WebKit exploit, for example https://t.co/1BYe1aFGCe for FW 6.50.
— Andy Nguyen (@theflow0) July 6, 2020
Since the program was released, multiple scene members have simply stopped sending their exploits online, opting instead to use their knowledge to earn sums from various corporations. Some are speculating that this could be a massive blow to piracy in the future, as black-hat users find more financial merit in sending exploits to manufacturers instead of rabid fans.
The ultimate question is whether gray-hat security experts will find more value in exposing the vulnerabilities online rather than bringing them to the attention of Sony; granted, Sony is offering larger cash rewards for finding a security flaw than either of its two console rivals, and reputation can precede security experts within this field.
All you need is a daunting repository of knowledge of how technology works. Super easy, right?