Watch as Duo’s Creative Director Pete Baker and Duo Labs’ Mark Loveless and Steve Manzuik debunk the myths that terrorists were using PlayStation networks and the popular Call of Duty game to communicate with each other. Follow @Duo_Labs for more security research and insights on the information security industry!
Yes, someone actually suggested that as fact - last November, an article in Forbes entitled How ISIS Terrorists May Have Used PlayStation 4 to Discuss and Plan Attacks sparked conversation about terrorists using the game console to evade government detection.
This evolved out of the media chaos resulting after the terrorists attacks in Paris, and after a number of raids to find the terrorists in nearby Brussels. Belgian federal home affairs minister Jan Jambon is quoted:
The most difficult communication between these terrorists is via PlayStation 4. It’s very, very difficult for our services — not only Belgian services but international services — to decrypt the communication that is done via PlayStation 4. - Politico
Jambon also claimed that “PS4 is even more difficult to keep track of than WhatsApp.”
WhatsApp Messenger is a global instant messaging app for smartphones, allowing 900 million users to send texts, images, video and phone calls over the Internet. Facebook purchased WhatsApp Inc. for $19 billion in 2014.
The article claims that comparatively low-tech systems like gaming consoles may offer “a more secure means of communication than even encrypted phone calls, texts and emails.” That includes sending messages through the PSN online gaming service, voice-chatting, and communicating through a specific game. Forbes cites documents leaked by Edward Snowden that revealed the NSA and CIA infiltrated terrorist meet-ups in online games like World of Warcraft.
Our security research team, Duo Labs answers the question: Are the text/chat channels on the PS4 any more obfuscated/secure than WhatsApp or any other messaging platform? It’s been said that the PS4 is much harder for gov. agencies to actually monitor the communication channel, making it attractive to terrorists.
Duo Labs tested it out with simple text and voice messages back and forth between two users on the Playstation network via PS4 and found:
- Communications are encrypted with TLS
- However, there are fundamental flaws in TLS that can allow them to be monitored
- A nation state that attempted to monitor these networks could obtain the keys to decrypt the communication
Meanwhile, applications like WhatsApp do end-to-end encryption, making it significantly harder for a nation state to attack than simple TLS. Conclusion: there’s no reason to think that PS4 or Xbox are any more secure than anything else.
Another scenario Duo Labs addresses in the video is the claim that terrorists would collectively join a multiplayer game like Call of Duty in order to write messages to each other by spelling out words via bullets shot into walls, within the game.
As the Forbes article claims:
An ISIS agent could spell out an attack plan in Super Mario Maker’s coins and share it privately with a friend, or two Call of Duty players could write messages to each other on a wall in a disappearing spray of bullets.
Watch our video as Duo Labs demos shooting into the walls to see whether or not it’s even possible to write/communicate messages within the game of Call of Duty.