bit-tech.net

Sony USB driver installs a rootkit?


The software that comes with Sony's MicroVault USB thumb drives hides a folder in the Windows directory.

Security firm F-Secure has revealed that the software bundled with Sony's MicroVault USB thumb drives hides a directory under "C:\Windows\".

The directory and the files inside it aren't visible through the Windows API and, curiously, if you know the name of the directory, it's possible to create new hidden files inside it. F-Secure also says there are ways to run files from this directory.

What's more worrying is that, because the directory is hidden from the Windows API, most virus scanners are unable to detect the directory (and the files inside it). This means it's possible for malware to exploit a system from the hidden directory created by Sony's MicroVault software and go undetected.
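A scanner that relies on the Windows API cannot see such a directory, but comparing the API's listing with a listing taken from outside the running Windows (for example, the same disk read offline) exposes it. The sketch below is an added example, not code from F-Secure or Sony; the sample listings and the name `HIDDEN_DIR_PLACEHOLDER` are constructed, since the article does not give the real directory name.

```python
from pathlib import PureWindowsPath

# NTFS metadata files sit in the volume root and are never returned by the
# Windows API, so a raw-vs-API mismatch on them is expected, not cloaking.
NTFS_METAFILES = {"$mft", "$mftmirr", "$logfile", "$volume", "$attrdef",
                  "$bitmap", "$boot", "$badclus", "$secure", "$upcase", "$extend"}

def _key(path):
    # Windows paths compare case-insensitively; normalise before comparing.
    return PureWindowsPath(path.lower())

def cross_view_diff(api_listing, raw_listing):
    """Map each topmost path seen only in the raw view to the hidden entries below it."""
    api_seen = {_key(p) for p in api_listing}
    hidden = {}
    for p in raw_listing:
        k = _key(p)
        if k in api_seen:
            continue
        if len(k.parts) > 1 and k.parts[1] in NTFS_METAFILES:
            continue
        hidden[k] = p
    findings = {}
    # Shallow paths first, so a hidden directory is registered before its contents.
    for k in sorted(hidden, key=lambda k: len(k.parts)):
        hidden_ancestors = [a for a in k.parents if a in hidden]
        if hidden_ancestors:
            root = hidden_ancestors[-1]  # shallowest hidden ancestor
            findings[hidden[root]].append(hidden[k])
        else:
            findings[hidden[k]] = []
    return findings

# Constructed sample listings; HIDDEN_DIR_PLACEHOLDER stands in for the real name.
API_VIEW = [r"C:\Windows", r"C:\Windows\System32",
            r"C:\Windows\System32\ntdll.dll", r"C:\Windows\explorer.exe"]
RAW_VIEW = [r"C:\$MFT", r"C:\WINDOWS", r"C:\WINDOWS\system32",
            r"C:\WINDOWS\system32\ntdll.dll", r"C:\WINDOWS\explorer.exe",
            r"C:\WINDOWS\HIDDEN_DIR_PLACEHOLDER",
            r"C:\WINDOWS\HIDDEN_DIR_PLACEHOLDER\data.bin",
            r"C:\WINDOWS\HIDDEN_DIR_PLACEHOLDER\sub\example.exe"]

if __name__ == "__main__":
    for root, children in cross_view_diff(API_VIEW, RAW_VIEW).items():
        print("hidden from API:", root, children)
```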

According to F-Secure, the MicroVault software is designed to protect the user's fingerprint authentication from tampering and unauthorised access, but a rootkit-esque cloaking technique isn't the solution to the problem of security.

After the rootkit debacle in 2005 and the subsequent multi-million dollar settlement, you would have hoped that Sony wouldn't go down this route again. Sadly, that doesn't seem to be the case.


19 Comments

g3n3tiX 28th August 2007, 12:04 Quote
Looks like they didn't learn from their mistake.
Personally I hate having things hidden in my computer without my knowledge and/or consent.
plagio 28th August 2007, 12:05 Quote
So, it is not a rootkit, and only people using Windows with an administrator account (99%) can have this USB drive create folders in the Windows directory tree... right?
cjoyce1980 28th August 2007, 12:08 Quote
if they can't make you buy their products so they can take over the world, then they screw up whatever you have currently!

I bet if you put that in a 360 or a wii's usb port, the 3 red lights of death appear or something to that effect!
cjoyce1980 28th August 2007, 12:10 Quote
Just another thought.......I wonder if vista UAC thing would allow this to be installed
mikeuk2004 28th August 2007, 12:33 Quote
Sorry, I'm lost, what is a rootkit?
Tim S 28th August 2007, 12:34 Quote
Quote:
Originally Posted by mikeuk2004
Sorry, I'm lost, what is a rootkit?

http://en.wikipedia.org/wiki/Rootkit ;)
mikeuk2004 28th August 2007, 12:42 Quote
Quote:
Originally Posted by Tim S
http://en.wikipedia.org/wiki/Rootkit ;)

Cheers Tim, now I understand what the Bioshock thread is all about.

Sony Microvaults are expensive anyway. Much better USB pens from other manufacturers. I got one for the wife that's all rubber, just in case she drops it, it just bounces, and water resistant in case she spills crap on it.
plagio 28th August 2007, 14:44 Quote
If this is only a hidden directory where only fingerprints data are stored it is not a rootkit.
Still, the folder is invisible and may be used for viruses and all that. But this is still not a rootkit.
DXR_13KE 28th August 2007, 14:53 Quote
if at first you don't succeed, try try again...
Kipman725 28th August 2007, 15:02 Quote
Loads of directories are hidden like that in Windows, just look at your hard drive using another OS and you can see loads of folders that aren't shown even if you have show hidden files etc. set. I think the scariest one was the hidden IE history that is kept on Windows 98 computers (not sure if it's still there on XP) but it was basically a file recording all recently visited pages that was never cleared out and was hidden from the rest of the OS and was impossible to turn off.
Tim S 28th August 2007, 15:04 Quote
Quote:
Originally Posted by plagio
If this is only a hidden directory where only fingerprints data are stored it is not a rootkit.
Still, the folder is invisible and may be used for viruses and all that. But this is still not a rootkit.

It's not a rootkit per se, hence the question mark, but as stated it uses rootkit-style cloaking techniques, which is the problem.
naokaji 28th August 2007, 15:11 Quote
Quote:
Originally Posted by Kipman725
Loads of directories are hidden like that in Windows, just look at your hard drive using another OS and you can see loads of folders that aren't shown even if you have show hidden files etc. set. I think the scariest one was the hidden IE history that is kept on Windows 98 computers (not sure if it's still there on XP) but it was basically a file recording all recently visited pages that was never cleared out and was hidden from the rest of the OS and was impossible to turn off.

that's what you have CD-bootable Linux distros for
completemadness 28th August 2007, 18:38 Quote
yeah the caches and stuff in Windows can be very hard to locate

they're hidden somewhere in Documents and Settings, you often get viruses there, but my virus scanner picks 'em up ;)
jweller 28th August 2007, 22:29 Quote
Regardless of what it is called or what it does we all know we can implicitly trust Sony's intentions with hidden processes running on our computers. =P
johnnyboy700 28th August 2007, 22:53 Quote
Wow, I almost bought one of these little sods! Good job I got a Scandisk instead.

I think it's really underhand when companies do something like this, how dare they install something on people's PCs without either their knowledge or consent.
I seem to recall that Sony were hit with a hefty fine for doing the same thing with some of their music CDs in the States earlier this year. Does this mean they'll get hit again?
DougEdey 28th August 2007, 22:56 Quote
[sony]
http://z.about.com/d/cats/1/7/f/p/2/kalyndrawer.jpg
IM IN UR SISTAM, HIDIN
[/sony]
Darv 28th August 2007, 23:13 Quote
And people wonder why there's all the anti Sony bashing going on. I think all their bad press is entirely justified considering things like this, especially since this isn't the first time either.
Morphine-Kitty 29th August 2007, 00:02 Quote
wbdog206 29th August 2007, 04:37 Quote
some people just never learn.