November 14, 2005 | By Seth Schoen

Warning: Sony XCP Uninstaller Creates Security Holes

Many people have been concerned about the security risks of the XCP copy restriction software bundled on several recent Sony/BMG music CDs. Sony has made available a remarkably difficult-to-obtain uninstall program, which is not even capable of uninstalling all the components of the XCP system. However, Finnish security researcher Muzzy reported that this uninstall program introduces its own set of possible security problems -- and that it may even make matters worse.

Today, following up on this possibility, Ed Felten and Alex Halderman announced that they have

confirmed that Sony's Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony's Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

As Muzzy demonstrated, and Felten and Halderman have confirmed, the Sony update program leaves behind additional code with its own set of serious security vulnerabilities. As a result, Felten and Halderman encourage those infected with the Sony/BMG rootkit not to use the Sony-provided uninstaller. For the time being, Sony has not left its customers with any safe recourse.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

California's legislature just sent gang database reform to @JerryBrownGov. Now let's make sure he signs A.B. 2298 https://action.eff.org/o/9042...

Aug 30 @ 10:04am

Local-level LOVEINT: @TB_Times digs into police abuse of Florida's driver database http://www.tampabay.com/news/...

Aug 30 @ 9:24am

Thank you to Senators Mark Leno and Joel Anderson, champions of strong CalECPA privacy protections! #EFFPioneers16 https://www.eff.org/pioneer2016

Aug 29 @ 4:13pm
JavaScript license information