A bug hunter was awarded $15,000 for reporting a critical remote code execution (RCE) bug in Sony’s PS Now. He explained that the bug, when exploited, lets attackers inject malicious code and run it on target users’ systems. He reported the bug early this year, and PlayStation marked it as resolved a month later after patching it.
PlayStation Now Bug Leading to RCE Attacks
To compete with Microsoft’s Xbox Game Pass, Sony introduced a similar cloud gaming subscription service called PlayStation Now in 2014, which now has more than 2.2 million subscribers. Given its popularity, it could become one of the favorite targets for hackers.
PlayStation therefore set up a bug bounty program on HackerOne earlier this year to reward bug hunters who privately disclose critical bugs in its network and gadgets. This led a bug hunter named Parsia Hakimian to submit an RCE bug in PlayStation Now (PS Now) on May 13th, which PlayStation resolved a month later.
He said the bug affects PS Now versions 11.0.2 and earlier on computers running Windows 7 SP1 or later. He noted that the bug lies in an insecure Electron app, which, if exploited, exposes users to RCE attacks.
He explained that “Any website loaded in any browser on the same machine can run arbitrary code on the machine through a vulnerable WebSocket connection.”
This can “lead to arbitrary code execution” since the “AGL application performs no checks on what URLs it loads.” The crux of the flaw is that the AGL WebSocket does not check the Origin header or the origin of requests. PlayStation awarded him a $15,000 bounty for reporting this.
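
The two missing checks named in the report, an Origin check on the WebSocket upgrade and a check on which URLs the app loads, can be sketched as follows. This is an added example, not code from PS Now or from the report; the origins, host names and function names are placeholder assumptions.

```javascript
// Added example. Origins, hosts and function names are placeholders (assumptions),
// not values from PS Now or the report.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);
const ALLOWED_LOAD_HOSTS = new Set(["app.example.test"]);

// True only when the Origin header is exactly an allowlisted origin.
function originAllowed(headers) {
  const origin = headers["origin"]; // Node lower-cases header names
  if (typeof origin !== "string") return false; // header absent
  let parsed;
  try { parsed = new URL(origin); } catch { return false; } // e.g. "null"
  // Exact match on the normalized origin: no prefix or substring matching.
  return parsed.origin !== "null" && ALLOWED_ORIGINS.has(parsed.origin);
}

// True only for https URLs on an allowlisted host, with no userinfo part.
function loadUrlAllowed(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }
  return u.protocol === "https:" && u.username === "" && u.password === "" &&
    ALLOWED_LOAD_HOSTS.has(u.hostname);
}

// Handler for the HTTP server's 'upgrade' event: refuse before any handshake.
function onUpgrade(req, socket) {
  if (originAllowed(req.headers)) return true; // caller completes the handshake
  socket.write("HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n");
  socket.destroy();
  return false;
}

// Constructed sample requests (not captured traffic).
function demo() {
  const fakeSocket = () => ({ sent: "", write(s) { this.sent += s; }, destroy() {} });
  const cases = [
    { origin: "https://app.example.test" },               // the app's own UI
    { origin: "https://other-site.example" },             // unrelated page in a browser
    { origin: "https://app.example.test.other.example" }, // look-alike prefix
    {},                                                    // no Origin header
  ];
  return cases.map((headers) => onUpgrade({ headers }, fakeSocket()));
}

console.log(demo()); // one boolean per constructed request
```

The Origin check only constrains browsers, which set the header themselves; other local processes can send any value, so the URL allowlist has to hold on its own.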