Sony cds embedded stealth rootkit

sageridder

Guest
I haven't seen any talk here about this yet so I wanted to make members aware of this. Apparently Sony has included a stealth rootkit in the programming of music CDs to protect their copyrights. For any who don't know what this means (I didn't), it's a hidden program that installs if you play one of these CDs. It can't be removed without severely screwing your machine (at least at the point I'm posting this). It can be abused to sidestep any firewall and anti-virus program and infect your computer. Here are some links to provide more info.

http://www.theoasisforums.com/yabbse/index.php/topic,4383.0.html

http://www.cnn.com/2005/TECH/internet/11/10/sony.hack.reut/index.html

http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/

http://news.yahoo.com/s/pcworld/20051111/tc_pcworld/123511

I realize some of us are already aware of this story, I just wanted to make sure members here were aware of it.
 
Nightstalkers

Guest
So in other words Sony is adding a virus to their CDs so that you can't steal their music?

Okay... what about people like me who buy CDs, copy the music, and put it onto their MP3 players?


Oh... oh... how about those of us who think this is hacking by a company?
 

Spiderman

Administrator
Staff member
I don't think it's technically a virus as there's some type of warning on the packaging that the material on the CD is "protected". It just doesn't make clear what the protection is (which apparently is pretty lethal).
 
sageridder

Guest
It's more that it sets your machine up to be exploited and the means to do it are put on your machine by playing the CD, not sure if that is true of an mp3 made from the CD but maybe. It can be exploited once on your machine even behind a firewall, and anti-virus and anti-spam programs won't find it as the rootkit stays hidden from the system itself. From Wikipedia, "Uses of rootkits":

"A rootkit is often used to hide utilities used to abuse a compromised system. These often include so called "backdoors" to help the attacker subsequently access the system more easily. For example, the rootkit may hide an application that spawns a shell when the attacker connects to a particular network port on the system. Kernel rootkits may include similar functionality. A backdoor may also allow processes started by a non-privileged user to execute functions normally reserved for the superuser. All sorts of other tools useful for abuse can be hidden using rootkits. This includes tools for further attacks against computer systems the compromised system communicates with such as sniffers and keyloggers. A common abuse is to use a compromised computer as a staging ground for further abuse. This is often done to make the abuse appear to originate from the compromised system or network instead of the attacker. Tools for this can include denial-of-service attack tools, tools to relay chat sessions, and e-mail spam attacks.

A recent example where a rootkit was used on commercial CDs for digital rights management purposes is the 2005 Sony CD copy protection controversy."


Link http://en.wikipedia.org/wiki/Rootkit
 

Spiderman

Administrator
Staff member
Just to keep in mind that it was only used on about 20 artists, of which roughly 4 million discs were made total and 2 million sold.
 
Nightstalkers

Guest
It's all about wording.

Sure you can put something on it that says "Protected against copying" and people will just smile and nod.... but if you put on something like "Will compromise your computer's security against hackers and viruses" all of a sudden it's evil and nobody wants it.
 

Spiderman

Administrator
Staff member
Technicalities are based on wordings :)

Viruses come at you with no warning whatsoever and try to masquerade as something else. Sony's protection does do what it's supposed to - prevent copying of tracks after x times, it just happens to disable the CD player if manually removed.

And it in itself doesn't open up your computer, it just "cloaks" the files by naming them so traditional spyware couldn't find them. Once this was posted on the finder's blog, hackers used that same naming convention for their own works. Anyone could have done it - it's just that Sony got there first and the hackers followed.
 
EricBess

Guest
Actually, my understanding is that the Sony software was installing the RootKit changes and the viruses that were developed were taking advantage of those changes.

So, while it wasn't a virus itself, what Nightstalker is saying about compromising your computer against viruses is fairly accurate as far as I can tell...
 

Spiderman

Administrator
Staff member
That's pretty much what I said. :confused:

The rootkit itself doesn't open up the computer to viruses; the viruses just take advantage of the naming scheme. However, apparently either in the uninstall process or while the rootkit is installed (definitely the former, not sure of the latter), a connection is made to the internet to connect to Sony and send them info without you knowing it (I think - I don't think you have to sign a disclosure when you run the CD). So that connection opens you up to viruses and all sorts of mayhem.

And I've also heard that it's more like 50 titles, not the 20 I said earlier.
 
EricBess

Guest
Ah, sorry...I guess Nightstalker was clarifying...I need to read more carefully next time ;)
 

Ferret

Moderator
Staff member
Interesting. So, Sony wants to protect the "Intellectual Property" of their artists by installing trojans on PCs? Nice. Of course, since they're trying to make it easier for hackers to hit your system it's only a matter of time before a hacker finds a way around it...

-Ferret

"Locksmiths and lockpicks..."
 
mythosx

Guest
Now that you guys pretty much nailed down what it does, we have to ask the question, "What do you think the impact is? Was Sony right in using such codes? What about end user and fair use acts and rights?"
 

Spiderman

Administrator
Staff member
Heck no. Sony should not have used it without a clear disclosure of what happens when you put a CD in the drive AND what happens when you try to remove it.
 

Ferret

Moderator
Staff member
Exactly. I think that if you're going to use some kind of security like that you should disclose all of the consequences. I think that a savvy lawyer could try and make a good case against them if they wanted to...

-Ferret

"As long as the lawsuits don't delay the release of the PS3..."
 
mythosx

Guest
Good point... do you think there should be a class action lawsuit against them? Actually the count I believe is much higher than just 50 CDs because I actually have bought Japanese CDs going all the way back to 2002-2003 with this kind of code on it. It doesn't allow you to copy it except to mini-disc.
 

Spiderman

Administrator
Staff member
That might be a different type of copy protection; you'd have to talk to an expert to make sure.

I can see a class action suit but Sony would probably just offer to replace the CDs without the protection. I don't think they're going to do any more than that, like replacing your CD drive if it got hosed.
 
mythosx

Guest
Correct me if I am wrong but the main issue isn't the fact that these "stealth codes" damage your products but rather they can and have been adapted to be used by virus writers. You could argue that eventually someone else would have developed the code for it. But the point is a billion dollar corporation unleashed codes that could be used to compromise security systems and is being adapted to hackers on a daily basis is very irresponsible. This is the reason why you can not buy nitrogen based fertilizers from Home Depot. It would be irresponsible for the manufacturer and the retailer to sell fertilizers that may be converted to bombs. :confused:
 
HOUTS

Guest
The real point is rather anyone with basic computer knowledge can easily get around this "program" or "virus". However, those less 'able' will be forced to ask people like US to fix it.

No big thing. This kind of thing has been done in the past with games, CDs, programs without most people even being aware.

*Goes back to playing his Xbox 360 Modified Gamer Box that has all games burned in, free, and ready to play on-line*

*smirk*

-HOUTS
 

Spiderman

Administrator
Staff member
mythosx: My understanding is that other virus writers simply adapted the naming conventions that Sony used to "hide under the radar". Like I said before, someone would have (probably) used that naming standard eventually - Sony just got there first and tried to use it for "benign" purposes.
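
An added example, not written by anyone in this thread: a small Python model of the name-based cloaking discussed above and of the cross-view comparison a defender uses to expose it. It shows that a filter keyed on a name prefix hides any file with that prefix, not only the vendor's own. The prefix `CLOAK_`, the file names and the function names are constructed placeholders; the thread does not give the real naming convention.

```python
# Added illustration. CLOAK_PREFIX is a constructed placeholder; the thread
# does not state the actual naming convention.
CLOAK_PREFIX = "CLOAK_"

def api_view(raw_names, prefix=CLOAK_PREFIX):
    """Model the listing a scanner gets while a name-based cloak is active:
    any entry whose name starts with the prefix is dropped, whoever made it."""
    p = prefix.lower()
    return [n for n in raw_names if not n.lower().startswith(p)]

def cross_view_diff(raw_names, api_names):
    """Names present in the low-level view but absent from the API view."""
    visible = {n.lower() for n in api_names}
    return sorted(n for n in raw_names if n.lower() not in visible)

def triage(hidden, shipped_names):
    """Split hidden entries into those the cloak's vendor shipped and
    unrelated files that are hidden only because they share the prefix."""
    shipped = {n.lower() for n in shipped_names}
    vendor = [n for n in hidden if n.lower() in shipped]
    riders = [n for n in hidden if n.lower() not in shipped]
    return vendor, riders

# Constructed sample data: a raw directory listing and the vendor's file list.
RAW = ["notes.txt", "CLOAK_drm.sys", "CLOAK_player.exe",
       "cloak_keylog.dll", "setup.log"]
SHIPPED = ["CLOAK_drm.sys", "CLOAK_player.exe"]

if __name__ == "__main__":
    hidden = cross_view_diff(RAW, api_view(RAW))
    vendor, riders = triage(hidden, SHIPPED)
    print("hidden from API view:", hidden)
    print("vendor files:", vendor)
    print("unexplained hidden files:", riders)
```

On a real machine the low-level view would come from reading the disk or registry structures directly instead of asking the operating system's listing API, which is the part the cloak intercepts.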
 