Sony Rootkit 'Fix' Brings More Trouble
Just when you thought the Sony BMG copy-protection debacle couldn't get any worse, two Princeton researchers have discovered a security flaw in the software provided by the company to uninstall its controversial DRM.
The flaw was initially suggested over the weekend by a Finnish researcher, and verified Monday by a computer science team at Princeton University.
According to the report, when a user fills out the Web-based form to request the download, an ActiveX file called CodeSupport is loaded onto the computer. However, after the user leaves Sony's site, the file is still marked as "safe" for scripting.
The result of this error on First 4 Internet and Sony's part is potentially severe. Any site could call the CodeSupport file and ask it to perform functions, such as downloading and installing malicious code. Because the software does not make sure the code it is running actually comes from Sony, it opens the door for anyone to take advantage of an affected system.
"If you visit that Web page with Internet Explorer, and you have previously requested Sony's uninstaller, then the evil program will be downloaded, installed, and run on your computer, immediately and automatically," Ed Felten wrote Tuesday on the Freedom to Tinker Web log. "Your goose will be cooked."
Felten, a professor of computer science at Princeton, says he and his team were able to successfully build an exploit using the uninstaller code, but he is not releasing details of it to the public pending a fix for the vulnerability.
Sony has since replaced the Web-based option with an executable file that Felten said appears to be safe. Only those who may have used the Web-based fix are at risk from the CodeSupport flaw, he explained.
For the time being, Felten had one suggestion: "For now don't accept the installation of any software delivered over the net from First4Internet. That will keep CodeSupport off your machine, if it’s not already there."
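
To check a machine for the condition described above, the following read-only PowerShell audit (an added example, not code from Sony, First 4 Internet or the Princeton team) lists registered ActiveX controls whose ProgID or server path contains "CodeSupport" and reports whether each carries the registry safe-for-scripting category and whether Internet Explorer's kill bit is set for it. Matching on the name is an assumption, since the article gives no class ID; Find-ScriptableControl and Get-DefaultValue are names made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: the control's ProgID or server file path contains "CodeSupport".
param([string]$NamePattern = 'CodeSupport')

# Component category a control registers under to declare itself "safe for scripting"
$CatSafeScripting = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
# Internet Explorer kill-bit location and flag value
$KillBitRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBitFlag = 0x400

function Get-DefaultValue([string]$Path) {
    # Returns the (default) value of a registry key, or nothing if the key is absent.
    if (Test-Path -LiteralPath $Path) { (Get-Item -LiteralPath $Path).GetValue('') }
}

function Find-ScriptableControl([string]$Pattern) {
    Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $clsid  = $_.PSChildName
        $base   = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $progId = Get-DefaultValue "$base\ProgID"
        $server = Get-DefaultValue "$base\InprocServer32"
        # Skip every class whose name and server path do not match the pattern.
        if ("$progId $server" -notmatch [regex]::Escape($Pattern)) { return }

        $flags = (Get-ItemProperty -LiteralPath "$KillBitRoot\$clsid" `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
        [pscustomobject]@{
            CLSID            = $clsid
            ProgID           = $progId
            Server           = $server
            SafeForScripting = Test-Path -LiteralPath "$base\Implemented Categories\$CatSafeScripting"
            KillBitSet       = [bool]($flags -band $KillBitFlag)
        }
    }
}

Find-ScriptableControl $NamePattern | Format-List
```

A control can also declare itself safe at run time through the IObjectSafety interface, so SafeForScripting = False in this output does not clear it; any match without the kill bit set deserves attention. On 64-bit Windows, run the script from 32-bit PowerShell as well to cover the 32-bit registry view.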