
RhyDin
[hacker voice] I'M IN
(04-07-2016, 02:33 AM)
We still see tons of people getting their PSN accounts compromised (from what I can only guess are successful phishing attempts) and their accounts banned - the funniest part of remote play is that it requires no authentication on the console side during the remote play authentication in its current state, from my experience. You just enter your PSN credentials and it seems to find the console you're logged into that account with and syncs it up effortlessly. In some cases, you may need to manually link up - I'm unsure if this is due to being outside of the same local network/subnet, though.

Now bad guys can run your account up with bills, view your PayPal e-mail, delete all your friends and gamesaves or format your console, post spam and much more - from your own IP address! Luckily, you can't gift people games from your account on Playstation, otherwise PSN would become even more of a target and a nightmare.

Come on, Sony, still no two-factor authentication? Nintendo might be light-years behind in terms of network infrastructure and connectivity, but even they know what they're doing in terms of protecting the end-user. Just look at Miitomo - the reason for only being able to add by people around you or social networking is to prevent spammers and bots.

If you aren't already using a password manager and using a unique password on your Playstation account, now would be a very good time to change that.
Last edited by RhyDin; 04-07-2016 at 02:40 AM.
saunderez
Member
(04-07-2016, 02:45 AM)
What makes using RemotePlay any different than using the Store on a PC?
jiggles
Member
(04-07-2016, 02:50 AM)
If this is honestly the kind of thing that keeps you up at night you can just either not bother forwarding the remote play ports on your home router, or simply turn the feature off.
autoduelist
Member
(04-07-2016, 02:51 AM)

Originally Posted by RhyDin

You just enter your PSN credentials

If someone already has access to your PSN credentials, they don't need remote play to fuck with you. Your thread is bonzo beans.
bones123
Member
(04-07-2016, 02:53 AM)
I don't...

Do you think someone is gonna RDP into your computer and run Remote Play PC and buy shit on your PS4? The app needs you to have a DS4 plugged in anyway, so you're probably better off worrying about having a keylogger steal your password when you log in.
TalonJH
Member
(04-07-2016, 02:58 AM)
If they already have your credentials, they can just log into your account on their own PS4 and do the same. It's not really any different.

If you give me your information I can log in and buy games, delete friends etc.

If you are worried, you can disable RP in Settings > Remote Play Connection Settings by unchecking Enable Remote Play.

Two factor authentication needs to happen though.
Last edited by TalonJH; 04-07-2016 at 03:09 AM.
Bowler
Member
(04-07-2016, 03:01 AM)
I wanna see the receipts on this "ton of accounts"
TheSpoiler
Member
(04-07-2016, 03:03 AM)
This was a quick backfire.
2blackcats
Member
(04-07-2016, 03:04 AM)
And if I had your atm card and pin number I might be able to steal your money :P
Orayn
Member
(04-07-2016, 03:05 AM)
OP may be a little dramatic, but there really is no excuse for Sony not to support two factor authentication.
Fat4all
Member
(04-07-2016, 03:07 AM)
Cade
Member
(04-07-2016, 03:08 AM)

Originally Posted by bones123

I don't...

Do you think someone is gonna RDP into your computer and run Remote Play PC and buy shit on your PS4? The app needs you to have a DS4 plugged in anyway, so you're probably better off worrying about having a keylogger steal your password when you log in.

It actually doesn't need a DS4. All the menus are operable with keyboard.
Mechazawa
Member
(04-07-2016, 03:15 AM)
Sony's lack of 2 step is absolutely Garbage Town, I feel you on that front, but the PS4 has a functionality that blocks remote play from rest mode. So unless you're often leaving your PS4 on while stepping away for prolonged stretches of time for whatever reason, even someone having your credentials shouldn't be an issue.

And like others have said, it's easier to fuck with you on that front by just logging into the PC Store.
TriangularDuck
Member
(04-07-2016, 03:18 AM)
Sony's awful security is no less awful with Remote Play added.
autoduelist
Member
(04-07-2016, 03:20 AM)

Originally Posted by Bowler

I wanna see the receipts on this "ton of accounts"

How much does an account weigh to begin with?
hikarutilmitt
Member
(04-07-2016, 03:22 AM)
Having a unique code you have to input to have a device's RP setup connect to the PS4 isn't authentication? I guess I need to burn everything I own and make a break for the north pole where nobody can get me!
InsaneTiger
Banned
(04-07-2016, 03:24 AM)
It's already been said a couple times here but if they have your credentials, it's game over. Adding remote play to PC doesn't make it any worse than it already is.

Maybe the new SIE will implement 2-factor authentication someday.
Rellik
Member
(04-07-2016, 03:30 AM)
OP may be a little dramatic, but the fact we STILL don't have 2 factor authentication is absolutely ridiculous.

We'll probably get it at the same time as PSN name changes.

Never
RhyDin
[hacker voice] I'M IN
(04-07-2016, 03:37 AM)

Originally Posted by hikarutilmitt

Having a unique code you have to input to have a device's RP setup connect to the PS4 isn't authentication? I guess I need to burn everything I own and make a break for the north pole where nobody can get me!

I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.
AbandonedTrolley
Member
(04-07-2016, 04:35 AM)
Remote play has been around for years, it's not any less secure now than it has been before..
chrisPjelly
Member
(04-07-2016, 04:37 AM)


Their choice if they want to deal with 5 second input delay over the internet
nynt9
Member
(04-07-2016, 04:38 AM)


When keeping it real goes wrong?
Fisty
Member
(04-07-2016, 04:45 AM)

Originally Posted by RhyDin

I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.

This isn't even possible
Maintenance
Member
(04-07-2016, 04:47 AM)
Be careful if you play with mods on your PC too, they might snatch your PSN account password.

Having no 2 factor authentication is shitty though, I agree with that.
TalonJH
Member
(04-07-2016, 04:53 AM)

Originally Posted by RhyDin

I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.

You actually can't do that. You get this page:
Last edited by TalonJH; 04-07-2016 at 05:08 AM.
Illucio
Banned
(04-07-2016, 05:07 AM)
This pretty much kills Vita for me for good, glad I sold it.

I can now game on my PC with my PS4 controller, which is +1 in laziness for me. I do prefer to go on my big screen and couch to play though. But it's nice knowing I have the option if I'm at a friend's house or something.
5taquitos
Member
(04-07-2016, 05:09 AM)
That's a hefty dose of paranoia there, OP. If someone had my PSN login information, remote play access would be the least of my concerns.
fluxanimator
Banned
(04-07-2016, 05:24 AM)
How does remote play make hacking easier?
BigBossVanzetti
Junior Member
(04-07-2016, 05:32 AM)
Any new software feature is worth discussing the security risks. So it's worth asking. But there is no concern with this.
LowSignal
Member
(04-07-2016, 05:38 AM)
No. Don't share your login info with other people and you should be fine.
ShdwDrake
Member
(04-07-2016, 05:41 AM)
ITT OP cannot computer XD
shmoglish
Member
(04-07-2016, 05:46 AM)

Originally Posted by RhyDin

I didn't have to do this.

I don't think they can view your PayPal from PlayStation.com, nor can they delete cloud data (?) or remotely stored save data, or format your console.

To the poster questioning RDP into your PC is not what I mean. Remote play can wake a PS4 over WAN, then they can format your console by remotely controlling it.

There are a few features you can't use while in remote play. You have no access to the network-related stuff, Netflix and other streaming services normally don't work and I am sure formatting the system is not possible.
7DollarHagane
Member
(04-07-2016, 05:49 AM)
A hacker's dream as in only in a dream would a hacker experience remote play as a way to compromise your Playstation
Leafhopper
Member
(04-07-2016, 05:50 AM)
What the hell am I reading.
Imbarkus
As Sartre noted in his contemplation on Hell in No Exit, the true horror is other members.
(04-07-2016, 05:57 AM)

Originally Posted by autoduelist

If someone already has access to your PSN credentials, they don't need remote play to fuck with you. Your thread is bonzo beans.

But people get their credentials "hacked!"

Newtype-001
Member
(04-07-2016, 05:59 AM)
"A Hacker's dream" tho 😂
jooey
The Motorcycle That Wouldn't Slow Down
(04-07-2016, 06:08 AM)
Alert the media! HACKERS can remotely intercept your PlayStation and STEAL YOUR CREDIT CARD! Full details in today's Daily Mail
omnislayer
Member
(04-07-2016, 06:14 AM)
I suspect the OP didn't put much thought into this...
MaximumSpider
Member
(04-07-2016, 06:16 AM)
A hacker's dream.
C'mon, man. Lmao.
Militaratus
Member
(04-07-2016, 06:21 AM)

Originally Posted by RhyDin

Now bad guys can format your console

How did YOU get access to the format feature while that is normally disabled while in Remote Play?

Seriously I wanna know so we can report this security leak to Playstation.
timmyp53
Member
(04-07-2016, 06:22 AM)

Originally Posted by Militaratus

How did YOU get access to the format feature while that is normally disabled while in Remote Play?

Seriously I wanna know so we can report this security leak to Playstation.

OP is clueless.
RhyDin
[hacker voice] I'M IN
(04-07-2016, 06:52 AM)

Originally Posted by Mechazawa

Sony's lack of 2 step is absolutely Garbage Town, I feel you on that front, but the PS4 has a functionality that blocks remote play from rest mode. So unless you're often leaving your PS4 on while stepping away for prolonged stretches of time for whatever reason, even someone having your credentials shouldn't be an issue.

And like others have said, it's easier to fuck with you on that front by just logging into the PC Store.

That's weird, the app allowed me to wake up my PS4 while it was in rest mode when I connected, but maybe that's because it's on the same network as me. Also, there's some things people can't do on the site that you can do on a console, like purging your entire friends list. It may seem unlikely, but to those who think this is laughable, you've clearly never been owned on the internet before.

I didn't know formatting the drive feature was disabled - I assume it was enabled because I did test the ability to delete your saved cloud data and locally stored data. Formatting would be the same thing, anyway, because saves are all you'd really be losing when doing a system recovery.

Originally Posted by 7DollarHagane

A hacker's dream as in only in a dream would a hacker experience remote play as a way to compromise your Playstation

I don't see what the big laugh is. Without an extra layer of authentication (again, I never was presented with an on-screen handshake key to enter into the remote play app. I thought people in the remote play said that you're able to remote play over WAN).

From all the threads on GAF and elsewhere of unauthorized purchases on compromised PSN accounts, I haven't seen one that said their credentials were changed. I can only surmise this is because the thief planned on selling or using the account second-hand (although, a specific PSN account can only be signed in from one location at a time).

No, this isn't really different from any other RDP feature, aside from the fact that the feature is enabled by default and many people probably won't even be aware of it. That in itself is a kind of vulnerability, because we know that people won't proactively go in and disable it - just like people use insecure passwords and get brute forced, phished, or however else these accounts have been compromised.

tl;dr - Aside from getting your account banned when disputing fraud charges, your saves can now be deleted.
Last edited by RhyDin; 04-07-2016 at 07:04 AM.
Melchiah
Member
(04-07-2016, 07:02 AM)
I don't think it works that way OP.

Originally Posted by RhyDin

Come on, Sony, still no two-factor authentication? Nintendo might be light-years behind in terms of network infrastructure and connectivity, but even they know what they're doing in terms of protecting the end-user. Just look at Miitomo - the reason for only being able to add by people around you or social networking is to prevent spammers and bots.

So, does Nintendo have two-factor identification?

In all my years I've only run into one spammer/troll, who sent me several requests to join in Minecraft, even though I clearly said I don't have the game, nor could I be less interested in it. Deleting him/her from my PSN friends fixed that problem.

You can also set who can send you friend requests or private messages. It sounds like OP doesn't have much experience of using the system.
SprachBrooks
Member
(04-07-2016, 07:02 AM)
Inb4 lock. This is so dumb lol.
pooptest
Member
(04-07-2016, 07:06 AM)

Originally Posted by SprachBrooks

Inb4 lock. This is so dumb lol.

Don't lock it yet, mods. My popcorn isn't even ready.
Melchiah
Member
(04-07-2016, 07:07 AM)

Originally Posted by RhyDin

tl;dr - Aside from getting your account banned when disputing fraud charges, your saves can now be deleted.

I'd like to see some proof about that.
RhyDin
[hacker voice] I'M IN
(04-07-2016, 07:12 AM)

Originally Posted by Melchiah

So, does Nintendo have two-factor identification?

Miitomo supports login/registration by Facebook and Twitter, which both have it, so sort of. Nintendo Accounts on Nintendo.com also support logging in via Facebook, Google+ or Twitter and those accounts are the ecosystem where you purchase digital downloads via the web. So yes, it seems like they're starting to and are ahead of Sony on this.
DieH@rd
Member
(04-07-2016, 07:15 AM)



OP, go to sleep. :)

Or even better, create another thread about dangers of Share Play. We need more laughs.
Melchiah
Member
(04-07-2016, 07:17 AM)

Originally Posted by RhyDin

Miitomo supports login/registration by Facebook and Twitter, which both have it, so sort of. Nintendo Accounts on Nintendo.com also support logging in via Facebook, Google+ or Twitter and those accounts are the ecosystem where you purchase digital downloads via the web. So yes, it seems like they're starting to and are ahead of Sony on this.

Both have it, but neither enforces it. I imagine you can log in without using FB/Twitter as well.
Occam
Member
(04-07-2016, 07:19 AM)
Ahahahahaha. Thank you.
