PSPTM Has Inbuilt Flaw
Computer villains have found a malicious program, which they have used to target the abundantly popular Play Station Portable TM game devices to make them inoperable. This has happened because the gaming console PSPTM has vulnerability. The gap is a "buffer overflow" opening doors for malicious code to load on these devices.
There already exists a 'proof of concept' exploiting this flaw and operating on all versions of PSP firmware and able to picture TIFF files. Thus a malicious program can be easily designed to exploit this security loophole.
The vulnerability occurs due to an error in 'libTIFF'. With a specially crafted TIFF image put in view in the 'Photo Viewer', the error can be exploited to run an arbitrary code. Panda Labs detected the vulnerability and has confirmed its operation in version 2.60 that has been reported through versions 2.00 to 2.80.
The PSPTM is meant to run only legitimate games and software but downloading and installing illegal codes or even patches could evade these checks and controls. Luis Corrons, director of "Panda Labs" commented that the vulnerability is particularly risky as it allows exploitation by a malicious program or even straight by hackers.
The PSPTM is flawed to such an extent that it disguises itself as a file to allow users to run their own codes, malware or otherwise. Thus malicious code not just targets and infects computer machines but anything that can execute the code becomes a potential target.
Attacks on "gaming consoles" have occurred earlier also. In 2005 these devices were targeted by other malicious codes. These codes were the "Format.A" and "Tahen" i.e., modified A and B of Trojans. The Trojan attacks deleted vital files of Play Station Portable TM and even made the console useless.
Security experts strongly recommend for non-installation of software on consoles that come from unreliable sources. Further it is imperative to scan a program with an anti-virus solution before installing it on the PC. By the same manner external communication like "USB", "IrDA" or "WiFi" must not be set up with unreliable consoles or 'personal computers' that could transmit undesirable content.
» SPAMfighter News - 21-09-2006