New York, NY (December 8, 2005)–Copy protection problems continue to plague Sony BMG. On December 6, the Electronic Frontier Foundation (EFF) and Sony BMG Music Entertainment issued a joint statement that MediaMax security measures included on certain titles leave the Windows-based PCs that they are played on vulnerable.
The EFF has since advised that the software patch designed to fix those problems also leaves users’ computers exposed and have now advised consumers not to apply the patch. Security researchers Ed Felten and Alex Halderman discovered the security problem in the patch and have called on Sony BMG to recall all CDs using MediaMax software. According to reports, MediaMax protection is included on 50 titles that have shipped a total of 5.7 million copies in North America, including CDs by Alicia Keys, Britney Spears and Black Rebel Motorcycle Club.
The Electronic Frontier Foundation (EFF) and Sony BMG Music Entertainment announced on December 6 that SunnComm had made available a software update to address a security vulnerability with its MediaMax Version 5 content protection software on certain Sony BMG CDs. The vulnerability was discovered by the security firm iSEC Partners after EFF requested an examination of the SunnComm software.
Halderman, in a statement on the Freedom to Tinker blog, stated, “Simply inserting a MediaMax-bearing CD into your PC paves the way for an attacker to come along and set a booby-trap. The trap will be sprung the next time you insert such a disc.” Further, he writes, the patch is also not secure: “It turns out that there is a way an adversary can booby-trap the MediaMax files so that hostile software is run automatically when you install and run the MediaMax patch.” The previously released MediaMax uninstaller displays a similar loophole, he adds.
Electronic Frontier Foundation