Rootkit woes for Sony again?
Security researcher points to rootkit found in fingerprint authentication software in Sony's Micro Vault USB drive.
Remember the hubbub over Sony BMG Music Entertainment's rootkit debacle, involving its CDs?
Well, another arm of Sony, this time Sony Electronics, may face a little of the brouhaha, as well.
According to a blog posting Monday by F-Secure, Sony's Micro Vault USM-F thumb drive comes with software that contains a rootkit.
For those who missed out on the Sony BMG fiasco, a rootkit is a tool that can cloak the presence of certain files or processes and prevent users from performing certain tasks on their computer. While Sony BMG used the rootkits as a means to prevent the pirating of their artists' work, it also had the potential side affect of allowing attackers to hide their malicious software if it made its way onto users' systems.
F-Secure says Sony's Micro Vault USB drive fingerprint reader software installs a driver that hides a directory under "c:\windows\". As a result, that directory and the files within it don't show up in the Windows API, when trying to count files and subdirectories.
It's an ironic twist, considering fingerprint readers are designed to add another lay of security.
"It is our belief that the Micro Vault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass," F-Secure's blog posting notes. "However, we feel that rootkit-like cloaking techniques are not the right way to go here."
The security firm also notes that when the Sony BMG rootkit debacle flared up in 2005, malicious software with rootkits was not pervasive. But over the past two years, a number of malicious versions have popped up that include rootkit cloaking techniques.
Users who are out shopping for a Sony Micro Vault USB this year won't have the same problem, said a Sony spokesman. He noted that the USM-F version was discontinued last year and it was the only Micro Vault that came with a fingerprint reader feature.