Sony hacks your machine

Date November 3, 2005

Mark (of Sysinternals Blog) discovered that Sony had surreptitiously installed anti-copy software on his computer, then used a typical hacker process (a “rootkit”) to hide this software from virus-checkers, process listers, and so on. At no point was the customer ever notified that this software was going to be installed—according to Mark, it was not even referenced in the EULA.

Sony has released a “service pack” that removes this rootkit. [Update: Does not remove rootkit, see below.] They imply that people who complained (their paying customers, natch) were big babies:

This component is not malicious and does not compromise security. However, to alleviate any concerns that users may have about the program posing potential security vulnerabilities, this update has been released to enable users to remove this component from their computers. [ Sony BMG, emphasis mine ]

As far as I’m concerned, Sony had to deliberately compromise computer security just to install this in the first place, but Mark explained in his original post how it clearly compromised security in other ways as well: the application hid any file whose name followed a specific naming convention. This means anyone wishing to infect your computer could hide their software merely by adopting Sony’s rootkit’s naming convention; they would not have to install a rootkit of their own to do so. In my opinion, this compromises security in a dramatic fashion.
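
To make that point concrete, here is an added Python sketch (not code from this post, from Mark’s analysis, or from Sony’s software) that models a cloaking hook which drops every name carrying a fixed prefix from a directory listing, alongside the cross-view check that recovers what the hook hid by comparing the filtered listing against the unfiltered one. The prefix `$cloak$` and the file names are constructed placeholders; the post does not name the real marker.

```python
# Added illustration, not Sony's code: a prefix-based cloaking hook and the
# cross-view check that exposes it. Prefix and file names are constructed.
from dataclasses import dataclass, field

CLOAK_PREFIX = "$cloak$"  # placeholder; the post does not give the real marker


@dataclass
class SimulatedVolume:
    """Ground truth: what actually sits on disk (the 'raw' view)."""
    entries: set = field(default_factory=set)

    def raw_listdir(self):
        """Unhooked view, as a raw read of the volume would report it."""
        return sorted(self.entries)

    def cloaked_listdir(self):
        """The hooked API view: every entry with the magic prefix vanishes,
        regardless of who created it. This is the flaw the post describes."""
        return sorted(n for n in self.entries if not n.startswith(CLOAK_PREFIX))


def cross_view_diff(api_view, raw_view):
    """Names present in the raw view but missing from the API view are being
    hidden from the user; that discrepancy is the detection signal."""
    return sorted(set(raw_view) - set(api_view))


def demo():
    """Constructed sample: the vendor's own driver and a third party's
    file both adopt the convention, and both disappear from the API view."""
    vol = SimulatedVolume({
        "readme.txt",
        "player.exe",
        f"{CLOAK_PREFIX}drm_driver.sys",   # the vendor's cloaked component
        f"{CLOAK_PREFIX}third_party.exe",  # someone else riding the same hook
    })
    return cross_view_diff(vol.cloaked_listdir(), vol.raw_listdir())
```

Running `demo()` returns both cloaked names, which is exactly why a scanner that only asks the hooked API what is on disk never sees them.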

There are other concerns:

  • The rootkit lets Sony hide and run any application on your computer.
  • The rootkit was sloppily written and consumed far more computer resources than it should have—what would multiple instances have done?
  • Attempting to uninstall the rootkit—say, because a computer security sweep turned it up—disabled your CD-ROM drive.
  • Who knows what Sony would have decided to do next—open a door to your computer to see if you had copied music anyway?
  • If such applications were standard practice, the potential for conflicts is immense.

Whatever Sony might say, they made it easier for themselves—and anyone else who knew the magic code phrase—to do what they wanted with infected computers.[1] They did it without notifying the customer and—if the Coldplay CD I bought recently is any indication—without any obvious marking on the exterior of the package to let you know you were buying a crippled CD in the first place. In the process, they probably violated anti-hacking laws in several countries. Saying “stop whining, we didn’t hit you that hard” is not an appropriate response.

Update 2:20 PM The file does not remove the rootkit, just the associated “cloaking” portion. So Sony’s unasked-for and unannounced software remains on your computer. More here. Needless to say, this is even less of an appropriate response than I thought previously.

[1] Note to Linux/Mac smugbots: You are safe because your OS is not widely used, not because your OS is more secure, so don’t even start with the “if you were using X, this wouldn’t be a problem.” My OS is actually safe as well. Your computer is not an island, entire of itself. It is a piece of the continent, a part of the main, and if you’re safe now it’s because they haven’t gotten around to you yet.

Originally found on BoingBoing

3 Responses to “Sony hacks your machine”

  1. Fred said:

    Blizzard should maybe sue:

    http://www.securityfocus.com/brief/34

  2. (: Tom :) said:

    This is the scariest story I have heard this Halloween…

    But I can think of a quick and dirty workaround almost immediately: record the CD onto DAT (or cassette if you’re not fanatical regarding superior sound quality) from a regular CD player, then rip the MP3 from the cassette. It’s somewhat of a pain in the tuckes, but not nearly as much of a pain as ripping out cloaked software.

  3. Thudfactor » The Sony Rootkit revisited said:

    [...] Sony Rootkit debacle of 2005 (discussed here and here) now has a full-length analysis which you can read in draft form. In a paper about to be [...]
