For the second time in two months, Sony BMG has been forced to admit that software embedded into millions of its music CDs can leave users' computers vulnerable to attack from malicious hackers. The software, which is automatically installed on to a customer's computer when they play one of Sony's CD on it, is designed to protect the company's copyright and prevent bootleg copies of tracks being made.
However, according to the Electronic Frontier Foundation, the internet rights group, the most recent CD software "could allow malicious third parties … to gain control over a consumer's computer running the Windows operating system". The company has been fiercely criticised by internet watchdogs for potentially placing millions of people at risk from online crimes such as identity theft.
Sony has added the software to more than 80 of its titles, for artists ranging from Britney Spears to Billie Holiday. Millions of CDs have had to be recalled from shops, in the midst of the busy pre-Christmas shopping period.The problem applies to CDs marketed in the United States and Canada, although it is possible that export copies have made their way to British shops. For a guide on how to identify affected CDs, click here.
Sony told Times Online that CDs manufactured for the UK market are not affected. They are best identified by having "Manufactured in the EU" on the back. However, the company has no way of tracking imported CDs that carry the software. The latest warning is the second similar setback for the group in its battle against copyright abuse. Last month, Sony was forced to withdraw millions of CDs from sale after a blogger discovered the record label was infecting users' computers with another type of "spyware", which also left PCs vulnerable to hackers and damaged them when it was removed.
Mark Russinovich uncovered the Sony software, designed to secretly protect its copyright, on his blog, sysinternals.com . The American Government, Microsoft and several anti-virus companies issued warnings following Mr Russinovich's report. Sony now faces several legal cases in America after being critcised for not telling customers about the spyware programme – known as a "rootkit" – earlier. Rootkits are often used by hackers to hide viruses on hard drives and several virus writers had begun distributing malicious codes that took advantage of the Sony security flaw.
On the latest security issue, Kurt Opsahl, an EFF lawyer, said: "We're pleased that Sony BMG responded quickly and responsibly when we drew their attention to this security problem. Consumers should take immediate steps to protect their computers."
Sony has said it will run an online advertising campaign to warn of the dangers posed by the CDs and where to find security patches to protect computers. Music companies were hit by an explosion of digital piracy after sites such as KaZaA and Napster enabled people to share their music collections with each other. The music companies' revenues slumped as users turned to the web for free music.
Bruce Schneier, a security expert who runs schneier.com, said the real question was how many other such programs were already being used. What happens the "next time some multinational company decides that owning your computers is a good idea?" he said.
Article by Rhys Blakely.
Repost from TIMESOnline.
Comments