Why PS4 is not so secure for the ISIS members’ communication?

Duo Labs demonstrated that there’s no reason to think that PS4 or Xbox are any more secure than anything else when dealing secret communication.

Members of the ISIS terrorist group make large use of technology, security experts believe that it is radical organization with the greatest cyber capabilities in the history.

Recently a footage published by Skynews demonstrated the existence of an R&D center in Syria where missiles and other technologies are designed.

After the Paris attacks, a raid in nearby Brussels provided evidence that terrorists were using at least one PlayStation 4 console.

The Belgian federal home affairs minister Jan Jambon explained that the PS4 was used by ISIS members for their communications.

The choice is not casual, despite the effort of the intelligence agencies in monitoring communications over Gaming console, the ISIS members were aware of the difficulties to conduct a large-scale surveillance on the PlayStation 4 channels.

“The thing that keeps me awake at night is the guy behind his computer, looking for messages from [the Islamic State]and other hate preachers,” Jambon said last Friday, according to Brussels weekly, the Bulletin. “PlayStation 4 is even more difficult to keep track of than WhatsApp.”

“The most difficult communication between these terrorists is via PlayStation 4. It’s very, very difficult for our services — not only Belgian services but international services — to decrypt the communication that is done via PlayStation 4.” stated a blog post on the Politico website.

How is it possible to use PlayStation for cover communications?

According to the experts, there are features in video games that allow to easily communicate when two or more individuals participate in a multiplayer game session.

In the popular game Call of Duty it is possible to pilot using bullets to pepper walls with holes, in this way it is also possible to write a text on the wall that disappears after a few seconds.

Not only bullet holes in Call of Duty, many experts noticed that the innocent games like Mario could be exploited for communication. this time, the messages could be arranged on the floor by using Mario coins.

Is it really secure for terrorists use the PlayStation 4 for their communications?

A trio of security experts from Duo Labs has explained that using video games as a secure communication channel is not so secure. The experts have tested the messaging systems implemented by the PlayStation 4 and the feasibility of various ways for writing text using game features.

The experts at Duo Labs wrote an interesting post titled “Debunking Myths: Do Terrorists Use Game Consoles to Communicate With Each Other?

Duo Labs tested it out with simple text and voice messages back and forth between two users on the Playstation network via PS4 and found:

  • Communications are encrypted with TLS
  • However, there are fundamental flaws in TLS that can allow them to be monitored
  • A nation state that attempted to monitor these networks could obtain the keys to decrypt the communication

Summarizing it is possible to monitor communications through the PlayStation 4 because the mechanism is affected by flaws that could be exploited for surveillance.

Meanwhile, applications like WhatsApp implements end-to-end encryption, making it harder for law enforcement and nation-state actors to spy on communications.

There are also other difficulties related to the use of the features explained before:

“You cannot communicate large chunks of information effectively,” said Duo Labs researcher Mark Loveless said.

“Conclusion: there’s no reason to think that PS4 or Xbox are any more secure than anything else.”

Pierluigi Paganini

(Security Affairs – ISIS, PS4)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

11 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

18 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.