Author: J. Alex Halderman
-
AACS: A Tale of Three Keys
[Previous posts in this series: 1, 2, 3, 4, 5, 6, 7.] This week brings further developments in the gradual meltdown of AACS (the encryption scheme used for HD-DVD and Blu-Ray discs). Last Sunday, a member of the Doom9 forum, writing under the pseudonym Arnezami, managed to extract a “processing key” from an HD-DVD player…
-
Diebold Shows How to Make Your Own Voting Machine Key
By now it should be clear that Diebold’s AccuVote-TS electronic voting machines have lousy security. Our study last fall showed that malicious software running on the machines can invisibly alter votes, and that this software can be installed in under a minute by inserting a new memory card into the side of the machine. The…
-
AACS: Game Theory of Blacklisting
[Posts in this series: 1, 2, 3, 4, 5, 6, 7.] This is the fourth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. We’ve already discussed how it’s possible to reverse engineer an AACS-compatible player to extract its secret set of device keys. With these device keys you…
-
AACS: Blacklisting, Oracles, and Traitor Tracing
[Posts in this series: 1, 2, 3, 4, 5, 6, 7.] This is the third post in our discussion of AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. Yesterday Ed explained how it is possible to reverse-engineer a player to learn its secret device keys. With the device keys, you can extract the…
-
CD DRM: Attacks on Disc Recognition
Ed and I are working on an academic paper, “Lessons from the Sony CD DRM Episode”, which will analyze several not-yet-discussed aspects of the XCP and MediaMax CD copy protection technologies, and will try to put the Sony CD episode in context and draw lessons for the future. We’ll post the complete paper here next…
-
Make Your Own Copy-Protected CD with Passive Protection
Here’s a great gift idea just in time for the holidays: Make your friends and relatives their very own copy-protected CDs using the same industrial-grade passive protection technology built into XCP and Macrovision discs. Passive protection exploits subtle differences between the way computers read CDs and the way ordinary CD players do. By changing the…
-
Hidden Feature in Sony DRM Uses Open Source Code to Add Apple DRM
For weeks, the blogosphere has been abuzz with tales of intrigue about Sony’s XCP copy protection system. Among the strangest revelations was that XCP itself infringes on the copyrights to several open source software projects. In one case, Sam Hocevar found conclusive evidence that part of XCP’s code was copied from a program called DRMS,…
-
MediaMax Permanently Installs and Runs Unwanted Software, Even If User Declines EULA
In an earlier post I described how MediaMax, a CD DRM system used by Sony-BMG and other record labels, behaves like spyware. (MediaMax is not the same as XCP, the technology that Sony-BMG has recalled; Sony-BMG is still shipping MediaMax discs.) MediaMax phones home whenever you play a protected CD, automatically installs over 12 MB…
-
Not Again! Uninstaller for Other Sony DRM Also Opens Huge Security Hole
I have good news and bad news about Sony’s other CD DRM technology, the SunnComm MediaMax system. (For those keeping score at home, Ed and I have written a lot recently about Sony’s XCP copy protection technology, but this post is about a separate system that Sony ships on other CDs.) I wrote last weekend…
-
Update: Sony Uninstaller Hole Stays Open
Earlier today Ed Felten and I reported a serious security hole opened by the uninstaller that Sony provides to users who want to remove the First4Internet copy protection software. Further testing has confirmed that computers remain vulnerable even after the uninstall process is complete. Sony’s web-based uninstaller is a three step process: You fill out…
-
Sony Shipping Spyware from SunnComm, Too
Now that virus writers have started exploiting the rootkit built into Sony-BMG albums that utilize First4Internet’s XCP DRM (as I warned they would last week), Sony has at last agreed to temporarily stop shipping CDs containing the defective software: We stand by content protection technology as an important tool to protect our intellectual property rights…
-
CD DRM Makes Computers Less Secure
Yesterday, Sysinternals’s Mark Russinovich posted an excellent analysis of a CD copy protection system called XCP2. This scheme, created by British-based First4Internet, has been deployed on many Sony/BMG albums released in the last six months. Like the SunnComm MediaMax system that I wrote about in 2003, XCP2 uses an “active” software-based approach in an attempt…