In 2005, Sony BMG installed DRM software on users’ computers without clearly notifying the user or requiring confirmation. Among other things, the software included a rootkit, which created a security vulnerability. When the nature of the software was made public much later, Sony BMG initially minimized the significance of the vulnerabilities, but eventually recalled millions of CDs, and made several attempts to patch the software to remove the rootkit. Class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.[32]
There were some people that went out and purposefully installed the rootkit. Why would someone do that? Those people like to cheat in games. The rootkit would let them hide their cheat software from anti-cheat software that scanned what processes were running.
Recently a similar thing has happened.
on Minecraft or rust, if an admin suspects you of cheating, you used to give him a TeamViewer session and the admin would check the PC for cheats (or ban you if you refuse).
Some guys made echo.ac, a software that mostly automates this check by scanning the PC and reporting the results on a web page the admin can check. I’m not going to go on the privacy issues this test given under duress causes, I’m sure you get the point.
In order to “analyze the memory of running processes” (apparently literally just a string search for common cheat tools in processes working memory), this tool registers a device driver (running as NT authority\system, of course) that is signed by Microsoft (required for distribution). The problem is that when a driver starts reading process memory like that, real anti-cheat solutions don’t like that. Users of echo.ac got banned from rust (to no fault of their own, really), which uses Easy AntiCheat, but the EAC team was quick to whitelist the driver as obviously it wasn’t a cheat driver.
Unless…
Yeah the driver has no security whatsoever and you can use it to cheat the fuck out of ANY game that uses EAC. People have been installing the anticheat tool just to get the driver, and then they can modify the game’s memory as they wish. Of course EAC would normally ban you for this but the driver is whitelisted :).
Turns out the driver being vulnerable also means on any machine it is installed you can elevate your privileges to NT authority\system and if a virus gets there you’re reinstalling your machine.
The cherry on top is that the echo.ac team and it’s CEO have been really salty about all of this and have blocked the researcher who found this out on Twitter, while it is verified that people were exploiting this for cheating.
Those who don’t know history are doomed to repeat it.
I saw another Lemmy post asking “What is something illegal that your workplace did?” and started typing a warning but figured I’d just get downvoted for some “boomer take” as if Lemmy wasn’t recently massively compromised.
Interesting… I wonder how many hackers took the rootkit and used it for other nefarious things…
I was always wanting to know what DRM software actually was and found this. I wasn’t aware that this happened.
Yeah it made pretty big headlines. It wasn’t so much the DRM but more the way they went about sneaking it onto people’s systems. And even after people were exploiting the kit, Sony did this:
“Russinovich noted that the removal program merely unmasked the hidden files installed by the rootkit but did not actually remove the rootkit.”
There are few companies I will never support. Sony is one of them. They have absolute seething hate and disrespect for their customers.
What does sony even sell now that people would buy? I am much less aware of them in the marketplace now.
PlayStation comes to mind…
Of course, PS.
Do they still make headphones and receivers? TVs?
They do sell headphones, yes. Not sure about the other stuff.
They also sell phones and cameras.
Playstation is the first that comes to mind. It’s a mega conglomerate and is involved in many industries:
https://en.wikipedia.org/wiki/Sony
Mark Russinovich is a cool guy. Hes CTO for MS Azure currently.
Just corporations doing corporation things.
And then the CEO stated that people don’t even know what a rootit is, why should they care? Yeah, I still don’t trust sony.
I don’t trust them after the whole keeping all user data on plaintext fiasco.
It was a funny year. Sony made a rootkit for music CDs. Blizzard made an invasive anticheat. So people started using the Sony rootkit to hide their cheat engines from the invasive anticheat.
Cat and mouse continues
Never have bought a single Sony product since. They never apologized for their outright hostile and damaging behaviour. It’s not much to them, but I bought 10000s of Euros of electronic since then. No cent for them. Fuck Sony.
I too have held a decades-long boycott over this. I had one of those CDs and it would cause a kernel panic if you inserted it. No other user interaction required.
There were tons of issues with earlier DRM models. SecuROM not working with certain disc drives, SafeDisc driver vulnerabilities, StarForce allegedly bricking some hardware, Tages eating up online activations for simple hardware swaps. Everyone hated them, but the Sony rootkit was probably the biggest one at the time. From what I remember there was no mention of it anywhere on the CDs or in the EULA, and when they did get caught their “fix” basically just hid the files while collecting info on you and sending it back to Sony.
That’s it. All you had to have done to be infected was to have ever popped a disc into a PC drive. Was surprised at the time that the backlash seemed so limited.
Autorun was never a safe feature for Windows or any other system to include. It’s been a source of one attack after another over the years. Inserting media should never cause programs on that media to run.
I don’t disagree with this statement in general. That days, I don’t know how old you are and whether or not you were really around the home PC space when the auto run feature first came to be. I can sort of understand what Microsoft was trying to accomplish with it… the mid-90’s were a wild, lawless time with regard to personal computing. There was a lot of heartburn on the end user side because things were changing so rapidly. Getting them to understand that what a “drive letter” was, how to get there, and how to run an application from it (let alone what an application even was) proved challenging even under the best circumstances. The ability to insert a CD into the drive tray and have it “just work” (also a big theme in Win 95/98) was a godsend for a lot of publishers.
Of course, in today’s world, we look at that kind of feature and rightly say “yo, that’s fucking crazy, why would you do that?”, but in the old days it really did help. At the end of the day, it was a useful feature that, like a lot of windows legacy crap, was left in the OS after its usefulness had gone and just became another attack vector.
Thing is, security folks noticed autorun was a problem back then.
I can sort of understand what Microsoft was trying to accomplish with it… the mid-90’s were a wild, lawless time with regard to personal computing.
The “wild lawless time” was not the context in which Microsoft made those poor security designs; it was a consequence of those designs — which were noticed and criticized by security folks at the time.
Another entertaining example is the demythification of email viruses.
In the early 1990s, email viruses were a myth: the Good Times virus was a hoax that told people that they could get a virus by reading an email. At the time that hoax went around, this was not actually possible: email software just displayed text; unless you downloaded an attachment and ran it, you couldn’t get a virus in email. Certainly not just by opening and reading an email.
But then along came Microsoft with Outlook Express, and security vulnerabilities that allowed the action of rendering an email, even in a preview pane, to inject malicious code.
Suddenly email viruses were not a myth anymore; they were everywhere.
I kinda disagree with the context comment though. That era of computing was inherently wild - nobody had figured anything out yet beyond the most basic and general strokes, and security analysts (such as they were) had what would be considered a childish understanding of IT security by modern standards. Heck, Windows95 didn’t even have the TCP stack enabled by default, so when these features were being designed, planned, and coded at Microsoft, there was no context for security on that kind of feature. Wikipedia says that Win95 was in the planning stage in 1992 - I take that with a grain of salt, but the concept is valid. Microsoft was writing the core features of Windows 95 before WAN was even really a thing. Like I said, I don’t disagree with the idea that AutoRun was a terrible thing among many terrible things Microsoft is responsible for, but given the era in which AutoRun came out, it was a reasonable trade-off between security and functionality for the lowest common denominator of user. The whole thing should have been disabled (on 95 and 98) when Windows 98 came out since they should have known better at that point.
To this day, I don’t buy anything with the SONY name on it.
Now do Lenovo.
That was the day we all learned what rootkits were. I remember listening to TWIT talking about it when it happened.
Oh man. I remember this!
Pepperidge farm remembers!
I never bought CDs after about 1999, so this never affected me. However, if I’m remembering correctly, you could get past that nonsense by running a black sharpie marker along the outside of the CD, effectively making that portion unreadable. Unless I’m thinking of something else. Pls correct if this was about another nonsense DRM.