vnunet.com analysis: Sony CD rootkit could spell doom

Sony accused of undermining system stability in its crusade to protect copyright

Tom Sanders in California, vnunet.com 07 Nov 2005

Sony's latest digital rights management technology being rolled out on some of its audio CDs could cause user systems to malfunction if other record labels begin deploying similar protection, according to Jarno Niemela, a researcher at F-Secure's laboratory.

"I think that record companies should stop playing with rootkits and other 'black hat' techniques [before they] cause major grief to the customers," Niemela warned on F-Secure's blog.

Sony BMG has equipped some of its music CDs with rootkit and DRM technology developed by First 4 Internet.

The software limits the number of copies that a user can make, and regulates which file formats can be used when ripping the music. The rootkit renders the DRM technology invisible to the user and the system, including to antivirus tools.

While F-Secure and other security vendors have argued that Sony's technology poses a security risk, Niemela pointed to another danger.

When users first put the audio CDs in their computer, an application is installed that promises to play the files and includes the DRM and rootkit.

This will actually change the plumbing of the system, rerouting all data coming from the CD drive to run past the DRM technology.

Users who have tried to change the settings and remove the software have rendered the CD drive useless because data streams inside the system are interrupted.

The same is likely to happen if other record labels take an approach similar to Sony's, warned Niemela.

"Imagine a situation where a user buys a CD from Label A and another CD from Label B. Label A uses third-party DRM from Company X and Label B uses third-party DRM from company Y," he explained.

"Then the user first plays one of the CDs in his PC, and everything works fine. But after he starts playing the second CD, his computer crashes and won't boot again. This is something I would not like to associate with buying legal CDs."

"In order to hide from the system a rootkit must interface with the operating system on a very low level where there is no room for error.

"It is hard enough to program something on that level, without having to worry about any other programs trying to do something with the same parts of the operating system."

Since news about the Sony DRM technology became public, it has caused a backlash against the record label and its bands.

Online consumers have called for a boycott of the bands that sell CDs with the rootkit. Amazon user ratings of a CD from Van Zant which uses the technology have plummeted. 

Sony's DRM aims to protect its copyrights and the rootkit is designed to prevent users removing the technology.

But security experts warned last week that the technology can easily be exploited by worms, spyware and other malicious software, which could use the rootkit to dodge detection by antivirus tools.

"Sony's motives are reasonable from its point of view, but it is a terrible security hole," Roger Thompson, chief executive at security provider Worm Radar, told vnunet.com last week. 

"The risk is that [worms] now have a place to hide things where antivirus programs cannot see them. They can tuck themselves in under the protection of the rootkit."

Thompson's assertions are backed up by security providers including Kaspersky Labs and F-Secure.

Sony maintains that there are no security risks involved with its technology. Last week the company issued a patch that allows virus and spyware filtering software to remove the technology, but on its website the vendor maintains that "this component is not malicious and does not compromise security".

Sony claims that it issued the patch to reach out to consumers following reports about its technology and the resulting concerns.

www.computeractive.co.uk/2145617
This article was printed from the Computeractive web site
© Incisive Media Ltd. 2008