Security experts have found that a hidden antipiracy technology on some Sony BMG music CDs causes dangerous computer vulnerabilities —...

Share story

Security experts have found that a hidden antipiracy technology on some Sony BMG music CDs causes dangerous computer vulnerabilities — as does the company’s method for removing the original program. Among questions users might have:


Q: How do I know if I bought one of these CDs?


A: Sony BMG has not released a list of titles with the so-called XCP technology. But you can check the back of discs for this printed Web site: http://cp.sonybmg.com/xcp


The link indicates the disc is protected by XCP. The Electronic Frontier Foundation has published a partial list of affected CDs at www.eff.org/deeplinks/archives/004144.php


Sony has stopped making discs with the technology and is recalling ones already sold.


Q: What happens if I have one of the discs?


A: Nothing bad can happen if you play the disc only on conventional stereo systems or on Macintosh or Linux computers.


But if you’ve played the disc on a Windows computer, the CD installed a program that limits your ability to copy songs. The program also cloaks the files in installs. Virus writers have released programs that exploit the cloaking feature.


Sony BMG activated a Web site that enabled PC users to remove the XCP software, but that method opened up new vulnerabilities that could let outsiders take over a computer, researchers say.


Q: I filled out that online form to remove the original program, and now I’m worried I’m vulnerable. What should I do?


A: According to Princeton University researchers Ed Felten and J. Alex Halderman, you can try to delete the dangerous component left by the online form. It’s called CodeSupport. Guidance how to do that can be found on their blog posting at http://www.freedom-to-tinker.com/.