Flaw found in Sony DRM patch
Published: 09 Dec 2005 09:05 GMT
Sony BMG is replacing a patch for its CD copy-restriction software after Princeton University researchers found a security flaw in the update.
Sony announced on Tuesday that a new risk had been found with a batch of 27 of its CDs, which automatically install DRM software on hard drives when put into a computer's disc drive. Along with the Electronic Frontier Foundation, a digital rights group, the record label released a patch aimed at fixing that flaw.
However, Princeton computer science professor Ed Felten wrote in his blog on Wednesday that the patch itself could open computers to attack by hackers.
Sony executives said Thursday that they are working as closely as possible with security professionals to address the issues identified by Felten, and would have a new patch available by midday that day.
"The security space is a dynamic one, as we have learned," said Thomas Hesse, president of Sony's global digital businesses. "Our goal is to be diligent and swift, and we have gone to experts to handle this issue."
Sony's ongoing troubles with DRM software highlight the delicate line that record labels and other content companies are walking in trying to protect their products from widespread duplication.
The labels' technological attempts to create a copy-restricted CD that retains compatibility with millions of old CD players have opened them up to the unfamiliar hazards of software development. Several of Sony's attempts to patch security holes in its DRM software over the past weeks have turned out to raise their own new problems, instead of quelling concerns.
The current security flaw in Sony's discs is related to software produced by SunnComm Technologies and affects 27 titles that remain on the market.
It's separate from an earlier vulnerability that affected 52 other titles and that related to DRM software written by another company, First 4 Internet. Those titles have been recalled from store shelves.
The flaw found by Felten could allow Sony's original patch to trigger malicious software on a computer, if that software was already in place when the patch was installed.
Did you find this article useful?
84 out of 180 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
5 comments
-
You should know that
1:
Sony has not recalled an... Chuck Stewart -
The biggest thing here is that Sony is hurtin... Daniel Bunyard -
Why would anyone in their right mind EVER buy anot... Anonymous
-
At the time of this writing, SONY is still offerin... dcmoose
-
I was all set to purchase a 50 inch plasma TV for... Anonymous
