November 14, 2005 | By Seth Schoen

Warning: Sony XCP Uninstaller Creates Security Holes

Many people have been concerned about the security risks of the XCP copy restriction software bundled on several recent Sony/BMG music CDs. Sony has made available a remarkably difficult-to-obtain uninstall program, which is not even capable of uninstalling all the components of the XCP system. However, Finnish security researcher Muzzy reported that this uninstall program introduces its own set of possible security problems -- and that it may even make matters worse.

Today, following up on this possibility, Ed Felten and Alex Halderman announced that they have

confirmed that Sony's Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony's Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

As Muzzy demonstrated, and Felten and Halderman have confirmed, the Sony update program leaves behind additional code with its own set of serious security vulnerabilities. As a result, Felten and Halderman encourage those infected with the Sony/BMG rootkit not to use the Sony-provided uninstaller. For the time being, Sony has not left its customers with any safe recourse.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

We're calling on the Copyright Office to ask USTR to re-think its copyright term proposals in TPP. Join us: https://eff.org/r.4etj

Jul 28 @ 4:41pm

Ethiopian PM Desalegn promised reform, but the country has a long way to go on civil liberties: https://eff.org/r.rl7b

Jul 28 @ 3:37pm

A cool new initiative from the Library Freedom Project will install Tor exit nodes in libraries: https://eff.org/r.22s6

Jul 28 @ 3:16pm
JavaScript license information