Sony USB driver installs a rootkit?

Written by Tim Smalley

August 28, 2007 // 10:37 a.m.

Tags: #directory #drive #hidden #kit #microvault #root #rootkit #software #sony #thumb #usb

Security firm F-Secure has revealed that the software bundled with Sony's MicroVault USB thumb drives hides a directory under "C:\Windows\".

The directory and files contained inside it aren't visible through the Windows API and, curiously, if you know the name of the directory, it's possible to create new hidden files inside the directory. F-Secure also says there are ways run files from this directory too.

What's more worrying is the fact that because the directory is hidden from the Windows API, most virus scanners are unable to detect the directory (and the files inside it). This means it's possible for malware exploit a system from the hidden directory created by Sony's MicroVault software and go undetected.

According to F-Secure, the MicroVault software is designed to protect the user's fingerprint authentication from tampering and unauthorised access, but a rootkit-esq cloaking technique isn't the solution to the problem of security.

After the rootkit debacle in 2005 and the subsequent multi-million dollar settlement, you would have hoped that Sony wouldn't go down this route again. Sadly, that doesn't seem to be the case.

Discuss in the forums

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU