bit-tech.net

Sony USB driver installs a rootkit?

Published on 28th August 2007 by Tim Smalley

The software that comes with Sony's MicroVault USB thumb drives hides a folder in the Windows directory.

Security firm F-Secure has revealed that the software bundled with Sony's MicroVault USB thumb drives hides a directory under "C:\Windows\".

The directory and files contained inside it aren't visible through the Windows API and, curiously, if you know the name of the directory, it's possible to create new hidden files inside the directory. F-Secure also says there are ways run files from this directory too.

What's more worrying is the fact that because the directory is hidden from the Windows API, most virus scanners are unable to detect the directory (and the files inside it). This means it's possible for malware exploit a system from the hidden directory created by Sony's MicroVault software and go undetected.

According to F-Secure, the MicroVault software is designed to protect the user's fingerprint authentication from tampering and unauthorised access, but a rootkit-esq cloaking technique isn't the solution to the problem of security.

After the rootkit debacle in 2005 and the subsequent multi-million dollar settlement, you would have hoped that Sony wouldn't go down this route again. Sadly, that doesn't seem to be the case.

Discuss in the forums

19 Comments

Discuss in the forums Reply

g3n3tiX 28th August 2007, 11:04

Looks like they didn't learn from their mistake.
Personally I hate having things hid into my computer without my knowledge and/or consent.

plagio 28th August 2007, 11:05

So, it is not a rootkit, and only people using windows with an administrator account (99%) can have this USB drive to create folders into the window directory tree ..... right ?

cjoyce1980 28th August 2007, 11:08

if they can't make you buy there products so they can take over the world, then they screw up, whatever you have currently!

I bet if you put that in a 360 or a wii's usb port, the 3 red lights of death appear or something to that effect!

cjoyce1980 28th August 2007, 11:10

Just another thought.......I wonder if vista UAC thing would allow this to be installed

mikeuk2004 28th August 2007, 11:33

sorry im lost, what is a rootkit?

Tim S 28th August 2007, 11:34

Quote:

Originally Posted by mikeuk2004
sorry im lost, what is a rootkit?

http://en.wikipedia.org/wiki/Rootkit ;)

mikeuk2004 28th August 2007, 11:42

Quote:

Originally Posted by Tim S
http://en.wikipedia.org/wiki/Rootkit ;)

Cheers Tim, now I understand what the Bioshock thread is all about.

Sony Microvaults are expensive anyway. Much better usb pens from other manufactures. I got one for the wife thats all rubber, just incase she drops it, it just bounces and water resistant incase she sills crap on it.

plagio 28th August 2007, 13:44

If this is only a hidden directory where only fingerprints data are stored it is not a rootkit.Ã¹
Still, the folder is invisible and may be used for viruses and all that. But this is still not a rootkit.

DXR_13KE 28th August 2007, 13:53

if at first you don't succeed, try try again...

Kipman725 28th August 2007, 14:02

loads of directorys are hidden like that in windows, just look at your hard drive using another OS and you can see loads of folders that arn't shown even if you have show hidden files etc set. I think the scariest one was the hidden IE history that is kept on windows 98 computers (not sure if it's still there on XP) but it was basicly a file recording all recently visted pages that was never cleared out and was hidden from the rest of the OS and was imposible to turn off.

Tim S 28th August 2007, 14:04

Quote:

Originally Posted by plagio
If this is only a hidden directory where only fingerprints data are stored it is not a rootkit.Ã¹
Still, the folder is invisible and may be used for viruses and all that. But this is still not a rootkit.

It's not a rootkit per-se hence the questionmark, but as stated it uses rootkit style cloaking techniques, which is the problem.

naokaji 28th August 2007, 14:11

Quote:

Originally Posted by Kipman725
loads of directorys are hidden like that in windows, just look at your hard drive using another OS and you can see loads of folders that arn't shown even if you have show hidden files etc set. I think the scariest one was the hidden IE history that is kept on windows 98 computers (not sure if it's still there on XP) but it was basicly a file recording all recently visted pages that was never cleared out and was hidden from the rest of the OS and was imposible to turn off.

thats what you have cd bootable linux distros for

completemadness 28th August 2007, 17:38

yeah the caches and stuff in windows can be very hard to locate

their hidden somewhere in documents and settings, you often get viruses there, but my virus scanner picks em up ;)

jweller 28th August 2007, 21:29

Regardless of what it is called or what it does we all know we can implicitly trush Sony's intentions with hidden processes running on our computers. =P

johnnyboy700 28th August 2007, 21:53

Wow, I almost bought one of these little sods! Good job I got a Scandisk instead.

I think its really underhand when companies do something like this, how dare they install something or peoples PC's without either their knowledge or consent.
I seem to recall that Sony were hit with a hefty fine for doing the same thing with some of their music cd's in the States earlier this year. does this mean they'll get hit again?

DougEdey 28th August 2007, 21:56

[sony]
http://z.about.com/d/cats/1/7/f/p/2/kalyndrawer.jpg
IM IN UR SISTAM, HIDIN
[/sony]

Darv 28th August 2007, 22:13

And people wonder why there's all the anti Sony bashing going on. I think all their bad press is entirely justified considering things like this, especially since this isn't the first time either.

Morphine-Kitty 28th August 2007, 23:02

wbdog206 29th August 2007, 03:37

some people just never learn.