Sony appears to be back on their old tricks again, as new reports now suggests, the latest PS3 firmware 3.56 didn't only include 'some minor update that improves system software stability', it also packs a sneaky new feature that will allow the electronic giant to install and run some codes when users logs into the PSN. A user dubbed N.A., who first mentioned the alleged rootkit last week on the Neogaf forum and cited work performed by developer Mathieulh, alleged that a rootkit in firmware version 3.56 allows Sony to "remotely execute code on the PS3" when users connect to the PlayStation Network. Mathieulh informed people over Internet Relay Chat that the alleged rootkit can be used by Sony for "verifying system files or searching for homebrew." It might also be used as a way to ensure users on the PlayStation Network are using Sony's own firmware. However, N.A. also pointed out that "Sony hasn't activated any of this yet." Sony did not immediately respond to request for comment.
For those who are curious about the new PS3 security, it seems Sony has implemented something in 3.56 I mentioned here a few weeks ago that is the same as Microsoft uses to detect and ban 360's. Mathieulh just posted about it on IRC. Essentially Sony can now remotely execute code on the PS3 as soon as you connect. This can do whatever Sony wants it to do such as verifying system files or searching for homebrew. Sony can change the code and add new detection methods without any firmware updates and as the code executes remotely there is no reliable way to forge the replies. Whilst it is possible to patch or remove this code from the firmware this will likely mean the end of playing CFW online (as PSN can just check before login that this is active) or at the very least mean it will be even easier for Sony to detect and ban users. Judging from the fact that people can still connect using the proxy method it seems Sony hasn't activated any of this yet but the functions are there in the new firmware.