November 14, 2005 | By Seth Schoen

Warning: Sony XCP Uninstaller Creates Security Holes

Many people have been concerned about the security risks of the XCP copy restriction software bundled on several recent Sony/BMG music CDs. Sony has made available a remarkably difficult-to-obtain uninstall program, which is not even capable of uninstalling all the components of the XCP system. However, Finnish security researcher Muzzy reported that this uninstall program introduces its own set of possible security problems -- and that it may even make matters worse.

Today, following up on this possibility, Ed Felten and Alex Halderman announced that they have

confirmed that Sony's Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony's Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

As Muzzy demonstrated, and Felten and Halderman have confirmed, the Sony update program leaves behind additional code with its own set of serious security vulnerabilities. As a result, Felten and Halderman encourage those infected with the Sony/BMG rootkit not to use the Sony-provided uninstaller. For the time being, Sony has not left its customers with any safe recourse.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Apple shows that privacy-threatening cloud computing and data collection do not have to be the industry standard. https://www.eff.org/deeplinks...

Sep 27 @ 4:51pm

Our friends at @calyxinstitute are doing exciting things with nonprofit access to 4G spectrum. https://boingboing.net/2016/0...

Sep 27 @ 4:20pm

Why do the changes to Rule 41 matter? We explain through the example of the "Playpen" government hacking cases. https://www.eff.org/deeplinks...

Sep 27 @ 3:53pm
JavaScript license information