Copy protected CDs land Sony in hot water
Monday, 07 November 2005 |
Music fans are being warned of security issues associated with "content protected" CDs, after entertainment giant Sony BMG was found to be using anti-piracy software which hides itself on customers' PCs, in a similar way to viruses, worms and trojans.
So-called "rootkit" software was discovered by Mark Russinovich of Sysinternals, a freeware company, after he bought a music CD employing digital rights management (DRM) technology, through amazon.com.
A rootkit is a set of tools, commonly used by hackers to hide running processes and files or system data, to help them continue to access a computer undetected.
After using his computer to play the CD - Get Right with the Man by country rockers Van Zant - a rootkit showed up on Mr Russinovich's PC.
He traced it back to the DRM used by Sony to protect the CD from being burned over and over. The CD can only be played using its own media player.
When the "content protected" CD is inserted into the CD drive, Sony's anti-piracy program installer pops up. Once this program is installed, there is no "uninstall" feature.
Because he knows how to find the files needed to run the copy protection software, he removed the program, but then found his CD-ROM was useless.
"Deleting the drivers had disabled the CD," he says in his blog.
"Now I was really mad."
He is critical of the coding used in the XCP (Extended Copy Protection) technology used on the Sony CDs.
The software was produced by British company First4Internet. The company was traced using text buried in the hidden files.
"The entire experience was frustrating and irritating," says Mr Russinovich.
"Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall.
"Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files."
The content protection only applies to users of Windows PCs.
First4Internet says it has stopped developing the software, and Sony has now released an "update" which removes the cloaking software.
But Sony says there is nothing wrong with XCP technology on content-protected CDs.
"This component is not malicious and does not compromise security," it says.
"However to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers."
But the Sony CDs are already proving beneficial to hackers, with theregister.co.uk reporting the rootkits can be handy when cheating in online gaming.
"Blizzard Entertainment, the maker of World of Warcraft, has created a controversial program that detects cheaters by scanning the processes that are running at the time the game is played," says the website.
"Called the Warden, the anti-cheating program cannot detect any files that are hidden with Sony BMG's content protection, which only requires that the hacker add the prefix "$sys$" to file names."
Mikko Hypponen from Finnish anti-virus company F-Secure says the updated version needs to be issued on content-protected CDs.
"Many people that buy copy-protected music will not be aware of the programs that get installed on their computers, let alone worry about updating them," he says on the company's blog.
The updated version removes the cloaking, but not the DRM software itself.
"Automatic uninstallation of the software is still not possible without additional tools, and removing it manually is difficult," says Mr Hypponen.
"If you want to remove the software from your computer, we still recommend that you contact Sony BMG using their web form and ask for permission to uninstall it."
Mr Hypponen says there are inherent dangers with coding which is installed without customers knowing it exists.
"So imagine a situation where Joe Customer buys CD from label A and another CD from label B. Label A uses third party DRM from company X and Label B uses from company Y.
"Then our user first plays one of the CDs in his PC, and everything works fine. But after he starts playing the second CD, his computer crashes and won't boot again. This is something I would not like to associate with buying legal CDs."