Hackers use PlayStation 3 to break SSL

By on

And we thought that the PlayStation 3 wouldn’t be used by anyone because of its high price point; but we were wrong. Hackers from the U.S and Europe have found a weakness in the MD5 algorithm and harness it to create a rouge Certification Authority (CA), which would allow fake certificates to be fully trusted by modern web browsers, according to ZDNet.

Using the power of 200 PS3 consoles and $700 in test digital certificates, this new exploit basically allows attackers to conduct phishing attacks that are undetectable. According to ZDNet:

The research is significant because there are at least six CAs currently using the weak MD5 cryptographic algorithm in digital signatures and certificates.  The most commonly used Web browsers — including Microsoft’s Internet Explorer and Mozilla’s Firefox — whitelist these CAs, meaning that a fake Certificate Authority can display any site as secure (with the SSL padlock).

In other words, this means that they have effectively broken what was known before as a secure standard for encrypted sites (like bank websites and online stores), SSL.