Does anti-piracy software on video games open security risks on users' computers?

May 4, 2009

(PhysOrg.com) -- Computer scientist Alex Halderman wants to know if antipiracy software built into Spore and other video games makes computers more vulnerable to hackers. To find out, he might have to break the law.

Halderman will soon ask the federal government for official permission so that he, along with other researchers, can safely study the question, and so that consumers can take necessary steps to protect their computers.

Halderman is an assistant professor in the University of Michigan's Department of Electrical Engineering and . At a hearing on May 7 in Washington, D.C., he will petition the U.S. Copyright Office for a three-year exemption from the Digital Millennium Copyright Act. The exemption would apply to all researchers and consumers, not just to Halderman.

"In the computer security community, we're interested in how software impacts the security of consumers' personal computers," Halderman said.

"We have growing reason to suspect the software tends to create security problems. The Digital Millennium Copyright Act has had a chilling effect on our ability to investigate and test systems to find out what's really going on and protect users from any defects. The threat of lawsuits under the ambiguous law makes researchers shy away from studying these risky systems. This is the chief impetus for my petition."

Because the act prohibits tampering with copy protection, researchers like Halderman could run afoul of it as they investigate and suggest repairs for any problems. Such research could invite lawsuits. Halderman knows this first hand.

In 2003, SunnComm Technologies threatened to sue him after he discovered that the company's new digital rights management (often shortened to DRM) software was defective and easy to circumvent. The software was designed to bar CD buyers from copying songs and uploading them to the Internet. Halderman found that simply holding the shift key while inserting the CD into the computer prevented the computer from running the software, and gave users access to the audio files.

Halderman continued to study similar copy protection products. In 2005, he and other researchers found that copy-protected music CDs sold by Sony BMG installed software that opened major security holes in users' computers. In response to this concern, Sony released a patch that uninstalled the program, but Halderman discovered that the patch actually unlocked another way in for hackers.

Halderman is now petitioning the Copyright Office for two variances: one targeting digital rights management in video games that harms users' computers, and another targeting dangerous copy protection more broadly. The exemptions would enable researchers to test, investigate, and repair vulnerabilities in such software, and it would allow consumers to protect their computers by taking necessary corrective action.

If the Copyright Office grants these requests, Halderman plans to study the antipiracy software on Spore, a best-selling video game in which players control the evolution of a species. When installed on a computer, Spore installs a digital rights management program called SecuROM, which was developed by Sony. Some video game users have claimed that SecuROM disables critical security measures such as firewalls and antivirus , opening their PCs to viruses, spyware, and other malware.

Three class-action suits have been filed on behalf of those who say they've been negatively affected by SecuROM in the video games Mass Effect, Spore, and Spore Creature Creator. Sony maintains that the program is safe, but Halderman worries that it has not been rigorously studied.

"In the larger context, security concerns of this type have a way of affecting everyone, not just those who experience security breaches or use media with digital rights management," Halderman said. "We all face inconvenience and risk when attackers use compromised systems to send spam and hijack machines to hide their tracks, for example."

Provided by University of Michigan (news : web)


print this article email this article download pdf blog this article bookmark this article     Stumble it Digg this share on Facebook retweet share on Reddit add to delicious
Rate this story - 5 /5 (3 votes)

Rank Filter

Move the slider to adjust rank threshold, so that you can hide some of the comments.


Display comments: newest first

  • LariAnn - May 04, 2009
    • Rank: 5 / 5 (1)
    I don't doubt that Sony could care less whether or not they jeopardize the computer security of Sony customers, so long as they extract their "pound of flesh" in terms of high-priced, hacker-friendly software products. Perhaps some of the hackers are actually on their payroll . . .

May 4, 2009 all stories

Comments: 1

5 /5 (3 votes)
  • Stumble this up

  • Digg this

  • share this

  • hide

  • Related Stories

  • Security firms react to rootkit
    created Nov 17, 2005 | popularity not rated yet | comments 0
  • Attackers Target Gamers with Spyware
    created Mar 23, 2007 | popularity not rated yet | comments 0
  • Attack on computer memory reveals vulnerability of widely-used security systems
    created Feb 21, 2008 | popularity not rated yet | comments 0
  • Trouble for iTunes in France?
    created Mar 15, 2006 | popularity not rated yet | comments 0
  • Researchers reveal 'extremely serious' vulnerabilities in e-voting machines
    created Sep 13, 2006 | popularity not rated yet | comments 0



  • hide

  • Relevant PhysicsForums posts

  • Sixth sense technology
    created Nov 26, 2009
  • kindle e-reader and scientific papers
    created Nov 24, 2009
  • Help with a camera choice
    created Nov 18, 2009
  • casio calculator that's similar to TI-89
    created Nov 08, 2009
  • Advice on what cell phone to get
    created Nov 08, 2009
  • Changing the language options on your phone.
    created Nov 03, 2009
  • More from Physics Forums - Computing & Technology

Other News

Semantic research sets world standards

Semantic research sets world standards

Technology / Computer Sciences

created 3 hours ago | popularity 2 / 5 (1) | comments 0

(PhysOrg.com) -- European researchers have created new tools for semantic technology development which are helping to set the next generation of official standards. The tools also unblock some key bottlenecks ...


Cellphone powers back pain chip in Taiwan

Technology / Engineering

created 4 hours ago | popularity 3 / 5 (1) | comments 0

Taiwanese researchers have developed a chip to treat backpain that is powered by mobile phone, a member of the team said Friday.


Lenovo buying back mobile phone business

Technology / Business

created 3 hours ago | popularity not rated yet | comments 0

(AP) -- Personal computer maker Lenovo Group said Friday it is joining the race to develop products that link phones and PCs by buying back a mobile phone business that it sold last year.


Food banks go high-tech to feed the hungry (AP)

Food banks go high-tech to feed the hungry

Technology / Hi Tech

created 3 hours ago | popularity not rated yet | comments 0

(AP) -- Food banks across the country are undergoing a high-tech revolution, adopting sophisticated databases, bar coding, GPS tracking, automated warehouses and other technologies used in the food industry ...


Apple's iPhone set to make splash in South Korea (AP)

Apple's iPhone set to make splash in South Korea

Technology / Business

created 4 hours ago | popularity not rated yet | comments 0

(AP) -- The iPhone's arrival in South Korea is generating considerable buzz among consumers and industry watchers amid expectations it will shake up a market dominated by world-beating domestic manufacturers.




PhysOrg Account
advanced search
  • follow with twitter
  • follow on facebook
  • read with kindle
  • customize RSS
  • physorg mobile
  • newsletter