Sony BMG is again caught up in a row about its anti-piracy software. Digital rights groups have warned the music maker about vulnerabilities in its MediaMax copy protection system created on users PCs.
Sony BMG is again caught up in a row about its anti-piracy software. Digital rights groups have warned the music maker about vulnerabilities in its MediaMax copy protection system created on users PCs. The same groups have now found that a patch Sony produced to close these holes is itself insecure and leaves users open to a separate attack.
The MediaMax system has been used on more than 5.7 million CDS spread across 50 titles sold in the US and Canada. On 6 December Sony BMG and digital rights group the Electronic Frontier Foundation (EFF) issued a joint statement about the discovery of problems with the MediaMax anti-piracy system made by SunnComm.
The statement warned that anyone putting a music CD bearing the MediaMax software in their PC introduced a vulnerability that malicious hackers could hijack to win control of a machine. This problem was discovered by iSEC Partners following a request from the EFF to analyse the SunnComm software. The statement also pointed users to a software patch that was supposed to close this loophole. “It’s a security vulnerability and therefore needs to be dealt with,” said Thomas Hesse, president of global digital business for Sony BMG in the statement. However, the EFF has now urged users not to apply this patch as separate work by security researchers Ed Felten and Alex Halderman shows it too introduces vulnerabilities.
“We take any security problems identified by these security researchers very seriously,” said the EFF. Dr Felten and Mr Halderman called on Sony BMG to recall all the CDs bearing the MediaMax software. Sony BMG said the MediaMax copy protection system, which is supposed to stop people making illegal copies of CDs, has been used on 50 titles. It said approximately six million CDs using MediaMax have been shipped to stores. Affected artists include Alicia Keys, Britney Spears, Black Rebel Motorcycle Club and Faithless.
The news comes just as the furore about Sony BMG’s XCP copy protection system was starting to die down. The row over the virus-like abilities of XCP forced Sony to recall all the CDs using it and issue new discs to consumers. Sony is also facing legal action over its use of XCP.