The PS4's Wi-Fi chip reportedly has multiple vulnerabilities... but they're not exactly new

Zecoxao reported today that the Wi-Fi chip used in the PS4 (a Marvell Avastar part) is affected by multiple security vulnerabilities. He adds that the chip's firmware is stored in plaintext on the PS4's sflash, and is unsigned. However, the bugs were reported in 2019, so it's unclear whether they could be of any use today for PS4 hacking.

PS4 – What could be done with a Wi-Fi vulnerability?

In the CVE from 2019 (wow…) that Zecoxao mentions, we learn that the Marvell Avastar family of Wi-Fi chips is affected by multiple security vulnerabilities. This impacts a wide range of SoCs from the brand (according to the CVE, at least models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997), which includes the chip used in the PS4 (88W8797, possibly 88W8797 on some models, see:

Now, a vulnerable component on the PS4 console is, in itself, probably not enough to gain control of the console (the PS4 kernel doesn't automatically trust its peripherals, after all). However, it is a possible entry point for further privilege escalation. In other words, if leveraged properly, this could have some use, similar to a WebKit bug, as a usermode vulnerability used in a larger exploit chain (i.e. a PS4 jailbreak).

Additionally, we’ve known for a while that the Wi-Fi firmware on the PS4 is unencrypted.

PS4 Marvell Wi-Fi vulnerability – why talk about a 2018 exploit?

This vulnerability is resurfacing today, following a tweet by scene veteran Zecoxao. There doesn't seem to be anything "new" recently that justifies mentioning this vulnerability now, although, from what I can tell, it wasn't covered by any PS4 scene website back then (including yours truly), which is probably why it's catching the scene's attention today.

BetterWayElectronics mentions that it's possible to downgrade the PS4 Wi-Fi firmware (not entirely surprising, since it's unencrypted), so technically, if something is doable with those vulnerabilities, it could impact even more recent PS4s.

My gut feeling is that the “right” people have already seen this a while ago, and if it was useful, we would have known about it by now. But I’ve been very wrong in the past, a lot, so who knows.
