Why PS4 is not so secure for the ISIS members’ communication?

Pierluigi Paganini January 10, 2016

Duo Labs demonstrated that there’s no reason to think that PS4 or Xbox are any more secure than anything else when dealing secret communication.

Members of the ISIS terrorist group make large use of technology, security experts believe that it is radical organization with the greatest cyber capabilities in the history.

Recently a footage published by Skynews demonstrated the existence of an R&D center in Syria where missiles and other technologies are designed.

After the Paris attacks, a raid in nearby Brussels provided evidence that terrorists were using at least one PlayStation 4 console.

The Belgian federal home affairs minister Jan Jambon explained that the PS4 was used by ISIS members for their communications.

The choice is not casual, despite the effort of the intelligence agencies in monitoring communications over Gaming console, the ISIS members were aware of the difficulties to conduct a large-scale surveillance on the PlayStation 4 channels.

“The thing that keeps me awake at night is the guy behind his computer, looking for messages from [the Islamic State]and other hate preachers,” Jambon said last Friday, according to Brussels weekly, the Bulletin. “PlayStation 4 is even more difficult to keep track of than WhatsApp.”

“The most difficult communication between these terrorists is via PlayStation 4. It’s very, very difficult for our services — not only Belgian services but international services — to decrypt the communication that is done via PlayStation 4.” stated a blog post on the Politico website.

How is it possible to use PlayStation for cover communications?

According to the experts, there are features in video games that allow to easily communicate when two or more individuals participate in a multiplayer game session.

In the popular game Call of Duty it is possible to pilot using bullets to pepper walls with holes, in this way it is also possible to write a text on the wall that disappears after a few seconds.

Not only bullet holes in Call of Duty, many experts noticed that the innocent games like Mario could be exploited for communication. this time, the messages could be arranged on the floor by using Mario coins.

sony playstation 4 PS4

Is it really secure for terrorists use the PlayStation 4 for their communications?

A trio of security experts from Duo Labs has explained that using video games as a secure communication channel is not so secure. The experts have tested the messaging systems implemented by the PlayStation 4 and the feasibility of various ways for writing text using game features.

The experts at Duo Labs wrote an interesting post titled “Debunking Myths: Do Terrorists Use Game Consoles to Communicate With Each Other?

Duo Labs tested it out with simple text and voice messages back and forth between two users on the Playstation network via PS4 and found:

  • Communications are encrypted with TLS
  • However, there are fundamental flaws in TLS that can allow them to be monitored
  • A nation state that attempted to monitor these networks could obtain the keys to decrypt the communication

Summarizing it is possible to monitor communications through the PlayStation 4 because the mechanism is affected by flaws that could be exploited for surveillance.

Meanwhile, applications like WhatsApp implements end-to-end encryption, making it harder for law enforcement and nation-state actors to spy on communications.

There are also other difficulties related to the use of the features explained before:

“You cannot communicate large chunks of information effectively,” said Duo Labs researcher Mark Loveless said.

“Conclusion: there’s no reason to think that PS4 or Xbox are any more secure than anything else.”

Pierluigi Paganini

(Security Affairs – ISIS, PS4)

you might also like

leave a comment