RSS Newsletter

Sony USB driver installs a rootkit?

Author: Tim Smalley
Published: 28th August 2007

Security firm F-Secure has revealed that the software bundled with Sony's MicroVault USB thumb drives hides a directory under "C:\Windows\".

The directory and files contained inside it aren't visible through the Windows API and, curiously, if you know the name of the directory, it's possible to create new hidden files inside the directory. F-Secure also says there are ways run files from this directory too.

What's more worrying is the fact that because the directory is hidden from the Windows API, most virus scanners are unable to detect the directory (and the files inside it). This means it's possible for malware exploit a system from the hidden directory created by Sony's MicroVault software and go undetected.

According to F-Secure, the MicroVault software is designed to protect the user's fingerprint authentication from tampering and unauthorised access, but a rootkit-esq cloaking technique isn't the solution to the problem of security.

After the rootkit debacle in 2005 and the subsequent multi-million dollar settlement, you would have hoped that Sony wouldn't go down this route again. Sadly, that doesn't seem to be the case.

Discuss in the forums

Related

• Stealth rootkit could make our lives a misery
• Sony rootkit case ends in customer pay-out and free downloads
• Sony shenanigans
• Sony BMG apologise
• More outrageousness from Sony
• Sony installs hidden malware on your machine
• Latest Bits News

• Comments (19)
• Email to Friend

Your name

Recipient email address

Add recipient

Email subject

Personal message (optional)

The email will also contain the following information about this story

Sony USB driver installs a rootkit?

It looks like Sony is back with another rootkit after two years in the dark. This time the company's MicroVault USB thumb drives are the carriers.

http://www.bit-tech.net/news/bits/2007/08/28/sony_usb_driver_installs_a_rootkit/1