November 14, 2005 | By Seth Schoen

Warning: Sony XCP Uninstaller Creates Security Holes

Many people have been concerned about the security risks of the XCP copy restriction software bundled on several recent Sony/BMG music CDs. Sony has made available a remarkably difficult-to-obtain uninstall program, which is not even capable of uninstalling all the components of the XCP system. However, Finnish security researcher Muzzy reported that this uninstall program introduces its own set of possible security problems -- and that it may even make matters worse.

Today, following up on this possibility, Ed Felten and Alex Halderman announced that they have

confirmed that Sony's Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony's Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

As Muzzy demonstrated, and Felten and Halderman have confirmed, the Sony update program leaves behind additional code with its own set of serious security vulnerabilities. As a result, Felten and Halderman encourage those infected with the Sony/BMG rootkit not to use the Sony-provided uninstaller. For the time being, Sony has not left its customers with any safe recourse.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

With "automated speech recognition, the NSA has entered the era of bulk listening," reports @the_intercept. https://eff.org/r.1o6b

May 5 @ 12:05pm

Canada poised to pass anti-terror legislation despite widespread outrage: https://eff.org/r.8dsy

May 5 @ 10:52am

France's National Assembly votes on a sweeping surveillance bill. Will they stand for freedom or for fear? https://eff.org/r.ea0y

May 5 @ 10:14am
JavaScript license information