Slyck.com
Search Slyck  
Anonymous
Welcome
 
New MediaMax Patch Just as Vulnerable
December 7, 2005
Thomas Mennecke
Font Bigger Font Smaller
The Sony-BMG fiasco has taken many twists and turns. Originally confined to the XCP (Extended Copy Protection) scheme manufactured by First4Internet, it was soon discovered that Sony-BMG CDs "protected" with SunnComm's MediaMax version 5 DRM also presented serious security vulnerabilities.

DRM and restrictive arguments aside, there are no fundamental security risks surrounding the MediaMax software. However the implementation of MediaMax has been discovered to present dangerous security risks.

In order to play a CD with MediaMax technology, full administrator privileges must be enabled at all times. To enhance security, many people only enable full administrator privileges to install software or make upgrades to the operating system. Adding to the security problem, the MediaMax files are stored in an easily accessible folder regardless of your security setting. Also keep in mind that MediaMax installs software even if you decline the EULA. How is this significant?

MediaMax executes a program called “MMX.exe” every time you run a CD with SunnComm’s copy protection. A devious individual could replace the MMX.exe file with a malicious version. With full administrator privileges enabled, there is no limit to what damage can be accomplished. One could insert this malicious software physically when the administrator is away, or by creating an email trojan and hope someone takes the bait. The end result could leave your computer open to very serious localized security issues. And if someone is truly malicious, he or she could craft a more wide spread problem.

This issue was confronted by the EFF (Electronic Frontier Foundation), iSEC Partners and Freedom-to-tinker.com. In response, Sony-BMG and SunnComm issued a patch which addressed the security issues. Independent security firm NGS Software reviewed and approved the measure taken by SunnComm and Sony-BMG.

“After carefully researching the security vulnerability presented to us by SONY BMG, we have determined that it is not uncommon and, importantly, it is easily fixed by applying a software update,” said NGS Software Director Robert Horton. As George Bush would say, “mission accomplished.”

However, like Geroge Bush, we’ll have to revise this statement to “a mission accomplished.”

In the entire month this Sony-BMG DRM fracas has been going on, does anyone honestly think one patch will resolve the issue? Freedom-to-tinker.com’s Ed Felten and J. Alex Halderman certainly don’t think so. Indeed, the “security patches” issued by Sony-BMG and SunnComm present their own set of security issues.

Let’s go back to our initial scenario. Now this ultra crafty and highly intelligent individual who’s hell bent on destruction anticipated this move by SunnComm and Sony-BMG. Knowing a patch would eventually be released, the individual subversively installs a “booby trap” in the MediaMax folder. When an attempt is made to either uninstall or patch the MMX.exe file, the trap is sprung and the world is theirs. In this case, the trap waits until the new Sony-BMG or SunnComm patch is applied.

This issue is currently being addressed by the EFF and Freedom-to-tinker.com. Surprisingly, if you happen to have installed the MediaMax software, or just inserted a CD with such protection, the best course of action is to do nothing and turn off autorun. Sony-BMG and SunnComm have both been advised of this pressing issue, and it is anticipated a new patch will be released.


This story is filed in these Slyck News categories
File-Sharing/P2P Related :: DRM
Legal/Courtroom :: Other Lawsuits

You can discuss this article here - 28 replies

© 2001-2017 Slyck.com