Skip to main content

Sony sues over PS3 key, firmware

It looks like Sony has found its much-needed solution to the recent breaking of the DRM key in its PlayStation 3 console, and it's not very technical: the company has filed suit against those responsible for highlighting its security ineptitude.

The crack, originally proposed by a group known as fail0verflow and expanded upon by security researcher George Hotz - also known as geohot - sprang from the discovery that Sony had failed to use properly random numbers to seed the private key that protected the PS3's internals, leading to the discovery of the key's signing part.

Once discovered, hackers were able to produce third-party firmware that would run homebrew code not officially sanctioned by Sony - which led, inevitably, to the production of a fully signed firmware capable of running illegitimately downloaded copies of games.

Sony promised that it would find a solution to the crack, despite the impossibility of stuffing the genie back in the bottle, and it appears to be doing so: with laywers rather than technicians.

According to documents hosted on and, Sony has filed for a temporary restraining order preventing the dissemination of the PS3's private key or any code based upon the key.

In addition, the company has filed a complaint seeking: "injunctive relief and damages based on violations of the Digital Millennium Copyright Act; violations of the Computer Fraud and Abuse Act; contributory copyright infringement; violations of the California Comprehensive Computer Data Access and Fraud Act; breach of contract; tortious [sic] interference with contractual relations; common law misappropriation; and trespass" against George Hotz, Hector Martin, Sven Cantero, and a swathe of 100 John Does.

The complaint claims: "SCEA alleges that each Defendant, individually and in concert with the other Defendants, has (1) circumvented effective technological protection measures that SCEA employs to protect against unauthorised access to and copying of SCEA's proprietary PlayStation 3 computer entertainment system and other SCEA copyrighted works, and (2) trafficked in circumvention devices and components thereof that enable unauthorised access to and copying of one or more PS3 System and SCEA's other copyrighted works.

"SCEA further alleges that each Defendant, individually and in concert with other Defendants, has intentionally accessed one or more of SCEA's PS3 Systems without authorisation and/or trafficked in passwords or similar information used to gain access to the system."

The relief sought by Sony includes a permanent injunction against those named in the complaint and "their agents, servants, employees, successors and assigns" from continuing to distribute the key and associated signed code, turn their computer systems over to Sony for destruction, damages for copyright infringement plus interest, and that the defendants pay the full cost of the suit.

The complaint, which was filed late yesterday on Sony's behalf by James G. Gilliland Jr. of the law firm Kilpatrick Townsend & Stockton LLP, comes despite the claims from fail0verflow and others that the motivation was the restoration of the Other OS feature of the PS3 - removed by Sony, ironically, over fears it could facilitate piracy on the platform.

Sony has so far issued no comment on the legal action.