Print
Discuss
Send to friend
RSS feeds
Daily news podcast
Sony's latest digital rights management technology being rolled out on some of its audio CDs could cause user systems to malfunction if other record labels begin deploying similar protection, according to Jarno Niemela, a researcher at F-Secure's laboratory.
"I think that record companies should stop playing with rootkits and other 'black hat' techniques [before they] cause major grief to the customers," Niemela warned on F-Secure's blog.
Sony BMG has equipped some of its music CDs with rootkit and DRM technology developed by First 4 Internet.
The software limits the number of copies that a user can make, and regulates which file formats can be used when ripping the music. The rootkit renders the DRM technology invisible to the user and the system, including to antivirus tools.
While F-Secure and other security vendors have argued that Sony's technology poses a security risk, Niemela pointed to another danger.
When users first put the audio CDs in their computer, an application is installed that promises to play the files and includes the DRM and rootkit.
This will actually change the plumbing of the system, rerouting all data coming from the CD drive to run past the DRM technology.
Users who have tried to change the settings and remove the software have rendered the CD drive useless because data streams inside the system are interrupted.
The same is likely to happen if other record labels take a approach similar to Sony's, warned Niemela.
"Imagine a situation where a user buys a CD from Label A and another CD from Label B. Label A uses third-party DRM from Company X and Label B uses third-party DRM from company Y," he explained.
"Then the user first plays one of the CDs in his PC, and everything works fine. But after he starts playing the second CD, his computer crashes and won't boot again. This is something I would not like to associate with buying legal CDs."
"In order to hide from the system a rootkit must interface with the operating system on a very low level where there is no room for error.
"It is hard enough to program something on that level, without having to worry about any other programs trying to do something with the same parts of the operating system."
All Privacy & Data
del.icio.us
Digg this
reddit!
