Music Man Cracks DRM Schemes By Quinn Norton Wired News
Story location: http://www.wired.com/news/technology/0,1282,69763,00.html 02:00 AM Dec. 07, 2005 PT The ongoing saga of Sony BMG's sneaky, lawsuit-inducing copy-protection software opened a new chapter Monday when the music company released an uninstaller program to allow customers to remove the offending code from their PCs. The release was Sony's second attempt at erasing its errors -- its previous push of mea-culpaware last month backfired horribly when 24-year-old Princeton University researcher John "Alex" Halderman found that the uninstaller opened up a security hole even worse than the original digital rights management program. And while the discovery shocked outsiders, and embarrassed Sony, it was a little like déjà vu to Halderman, one of a handful of smart researchers who seem determined to hold the recording industry's feet to the fire. "The same companies keep producing new copy-protection technology, and I keep getting interested in it," says Halderman. Years before Sony's rootkit scandal made DRM folly a subject of international news, Halderman was already keeping a close eye on the music industry's technological measures. When, in 2003, DRM-maker SunnComm International introduced a new approach to copy protecting audio CDs in its MediaMax software, Halderman checked it out. His research revealed that the new discs installed software that interfered with the user's ability to copy the audio CD at a kernel level. "It was radically different than anything before; it turned the computer against the user," says Halderman. The software used a Microsoft Windows feature called AutoRun that executes software on a CD without the user's knowledge or consent. Holding down the Shift key stopped AutoRun and prevented the software from being installed. Halderman wrote about the software, and the "infamous Shift key attack," in an academic paper and posted it online. Within 24 hours, SunnComm was threatening a $10 million lawsuit, and vowing to refer Halderman to authorities for allegedly committing a felony under the controversial Digital Millennium Copyright Act, or DMCA. By the next day, the company had backed down in the face of public outrage. Looking back, Halderman says, "The whole experience was a whirlwind.... The response was way bigger than (anything I'd) expected." So Halderman was well prepared when SysInternals security expert Mark Russinovich discovered last October that Sony BMG was using software that works much like SunnComm's MediaMax with an added cloaking technology that could be exploited by more-malicious code. Halderman and his adviser, Princeton professor Ed Felten, picked up the thread, and began a series of revelatory analyses into the functionality and provenance of the stealthy code, which was called XCP and had been produced by U.K. company First 4 Internet. His curiosity rewetted by the affair, Halderman even took a second look at the competing SunnComm system -- still in use -- and found new problems, including the fact that MediaMax secretly installs itself even if the user refuses to click on the license agreement giving it permission to do so. And when Sony released an uninstaller for the First 4 Internet code, it was Halderman who discovered that it came with an ActiveX control that would make users vulnerable to attack through their web browsers. Sony recalled the uninstaller and went back to the drawing board. Halderman's interest in copy-protected CDs began when he was an undergrad, and has continued through grad school under the auspices of Felten. "He likes to do work that is relevant, where he can apply his computer-science knowledge to things that matter to regular people," says Felten. Felten is no stranger to exposing the foibles of DRM schemes. In 2001, the recording industry briefly suppressed Felten's research into a flawed digital-watermarking technology by threatening to invoke the DMCA. Unlike the situation in 2003, Halderman doesn't see much possibility of a suit against him for his Sony research, but the risk is never far from his mind. He says his chosen field forces him to learn about more than just security and DRM. "It's difficult to be only a scientist in this field, you have to know about law, public policy and the business world." Halderman doesn't normally encounter CDs with DRM -- he must actively seek them out for his research. "I mostly listen to opera," he says. "There are very few classical-music discs that are copy protected." The researcher says he plans to dig into Sony's new uninstaller, but he hopes to find nothing negative to report. On future DRM schemes, however, he's not so optimistic. "Manufacturers adopt new tricks with each revision," he says. "If there are new copy-protection programs for CDs, I'll continue to look at them." ================================ George Antunes, Political Science Dept University of Houston; Houston, TX 77204 Voice: 713-743-3923 Fax: 713-743-3927 antunes at uh dot edu Reply with a "Thank you" if you liked this post. _____________________________ MEDIANEWS mailing list [email protected] To unsubscribe send an email to: [EMAIL PROTECTED]
