More insecure CDs from Sony BMG

James Delahunty
7 Dec 2005 9:56

Sony BMG, which was caught up in a Digital Rights Management (DRM) mess for the last month over the XCP copy protection has today announced, along with the Electronic Frontier Foundation that SunnComm has released a security update for its MediaMax Version 5 copy protection software, which ships on "certain Sony BMG CDs". The vulnerability discovered could allow an attacker to hijack a user's PC if the MediaMax software has been installed.
The EFF said the vulnerability centers around a file folder installed by the MediaMax software "that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer’s computer running the Windows operating system." This time around, Sony wasted no time in bringing this to consumer attention after being criticised for how badly it handled the XCP "rootkit DRM" situation.

Even besides the vulnerability, the EFF has pointed out other major problems with the DRM technology including "undisclosed communications with servers Sony controls… undisclosed installation of over 18 MB of software regardless of whether the user agrees to the End User License Agreement; and failure to include an uninstaller with the CD." So there are some obvious privacy concerns with this DRM too.
However this time it is not just Sony using the DRM, over 30 other labels also use it according to the EFF, which is investigating whether any of those labels' CDs include the same vulnerability. A link to the patch, a list of infected titles and more important information can be found at the EFF's website.

Sources:
The Register
Electronic Frontier Foundation

More from us
We use cookies to improve our service.