Yesterday CNN published an article about using PS3 for distributed calculations. The scientists at Stanford University worked with Sony to port their Folding@home project to PS3. The idea is that the users will download a program to the hard drive of their PS3, and the program will perform some complex scientific calculations while the console is not being used for games. It will upload results to some central location, helping to find a cure to a number of diseases.
The article left me with mixed feelings. On one hand, this is definitely a creative use of PS3, and the project is, no doubt, beneficial for all mankind. I applaud the scientists at Stanford and the people (tehchies and business folks) at Sony.
On the other hand, this new project demonstrates one very important thing: PS3 is a device which has very powerful processor, local storage and connectivity capabilities. It can go online, download software, run it (maybe even in a background mode), and send data back. In other terms - yes, it is a full-scale computer, as we were told already. The question is - what about security?
I do believe that Sony did its best to implement various security features. But I know also that PSP, for example, was hacked in a very short time. In a contest between Sony and hackers I wouldn't bet on Sony.
You may say: "So what? Normal computers are also being hacked into daily; there are tons of malware out there - but no one panics because of that." The problem here is not a technical one - it's, rather, a psychological issue. Majority of users know now that the computers have to be protected against viruses, trojans and other dangers. People are learning to be attentive to unusual behavior of their computers; and they also learn to protect their PCs by installing automatically updating antiviruses, firewalls and all sorts of protective software (to say nothing about regular automated updates of OS). They learn it about computers - but almost no one will ever perceive their gaming console - a toy - to be a computer that requires an equal amount of protection. I strongly doubt that anyone will buy and install a firewall or antivirus for their PS3.
Next question is - what is a danger of compromising PS3 security? Yes, it doesn't have any sensitive data stored (though it might have account numbers and passwords for some subscription-based online games). But it has exactly what was used by people at Stanford: free horsepower and connectivity. So, I can clearly see a botnet of infected PS3s used for distributed calculations (breaking keys, for example), spamming, or DDoS attacks. And, even if the source of the problem will be traced to PS3s, it might be incredibly difficult to make people install some patches or run cleaning software.
Maybe Sony already addressed this problem somehow - I don't have enough information yet. But I can see an interesting and dangerous trend here. I am talking about having powerful computers in an ordinary gadgets and not even thinking about their true capabilities. It's not a new idea, but it seems less and less fantastic to me: we are close to times when one might discover that his coffee maker is being infected by a virus, and his vacuum cleaner is being used to crack some Pentagon codes...
Technorati tags:PS3, security