In 2005, Sony BMG installed DRM software on users’ computers without clearly notifying the user or requiring confirmation. Among other things, the software included a rootkit, which created a security vulnerability. When the nature of the software was made public much later, Sony BMG initially minimized the significance of the vulnerabilities, but eventually recalled millions of CDs, and made several attempts to patch the software to remove the rootkit. Class action lawsuits were filed, which were ultimately settled by agreements to provide affected consumers with a cash payout or album downloads free of DRM.[32]
There were some people that went out and purposefully installed the rootkit. Why would someone do that? Those people like to cheat in games. The rootkit would let them hide their cheat software from anti-cheat software that scanned what processes were running.
Recently a similar thing has happened.
on Minecraft or rust, if an admin suspects you of cheating, you used to give him a TeamViewer session and the admin would check the PC for cheats (or ban you if you refuse).
Some guys made echo.ac, a software that mostly automates this check by scanning the PC and reporting the results on a web page the admin can check. I’m not going to go on the privacy issues this test given under duress causes, I’m sure you get the point.
In order to “analyze the memory of running processes” (apparently literally just a string search for common cheat tools in processes working memory), this tool registers a device driver (running as NT authority\system, of course) that is signed by Microsoft (required for distribution). The problem is that when a driver starts reading process memory like that, real anti-cheat solutions don’t like that. Users of echo.ac got banned from rust (to no fault of their own, really), which uses Easy AntiCheat, but the EAC team was quick to whitelist the driver as obviously it wasn’t a cheat driver.
Unless…
Yeah the driver has no security whatsoever and you can use it to cheat the fuck out of ANY game that uses EAC. People have been installing the anticheat tool just to get the driver, and then they can modify the game’s memory as they wish. Of course EAC would normally ban you for this but the driver is whitelisted :).
Turns out the driver being vulnerable also means on any machine it is installed you can elevate your privileges to NT authority\system and if a virus gets there you’re reinstalling your machine.
The cherry on top is that the echo.ac team and it’s CEO have been really salty about all of this and have blocked the researcher who found this out on Twitter, while it is verified that people were exploiting this for cheating.
And then the CEO stated that people don’t even know what a rootit is, why should they care? Yeah, I still don’t trust sony.
It was a funny year. Sony made a rootkit for music CDs. Blizzard made an invasive anticheat. So people started using the Sony rootkit to hide their cheat engines from the invasive anticheat.
I was always wanting to know what DRM software actually was and found this. I wasn’t aware that this happened.
Yeah it made pretty big headlines. It wasn’t so much the DRM but more the way they went about sneaking it onto people’s systems. And even after people were exploiting the kit, Sony did this:
“Russinovich noted that the removal program merely unmasked the hidden files installed by the rootkit but did not actually remove the rootkit.”
There are few companies I will never support. Sony is one of them. They have absolute seething hate and disrespect for their customers.
What does sony even sell now that people would buy? I am much less aware of them in the marketplace now.
Playstation is the first that comes to mind. It’s a mega conglomerate and is involved in many industries:
https://en.wikipedia.org/wiki/Sony
Never have bought a single Sony product since. They never apologized for their outright hostile and damaging behaviour. It’s not much to them, but I bought 10000s of Euros of electronic since then. No cent for them. Fuck Sony.
Same! I have made dozens of purchase decisions based on that. I have refrained from getting into PS ecosystem. I have not purchased a Sony Alpha DSLR. Every time a movie would carry a Sony brand I would just pirate it instead of going to the cinema. I remember them also going after a kid that worked on defeating their DRM. There also was a number of Sony computer systems compromised by simple hacks in the following weeks and a very unprofessional response from different Sony departments - denial, retaliations etc. Millions of customers had their PI leaked and not a single sorry from that corporation. After almost two decades I stand by my decision.
