F-Secure: Sony uses rootkits again

The fingerprint-reader software included with Sony's MicroVault USM-F line of USB drives installs files in a hidden folder under "c:\windows" that can be used maliciously, Finnish security company F-Secure has found. That directory and the files within it are not visible through Windows' usual APIs. "[But] if you know the name of the directory, it is possible to enter the hidden directory using [the] Command Prompt, and it is possible to create new hidden files. There are also ways to run files from this directory," said F-Secure researcher Mika Tolvanen. F-Secure notified Sony about a month ago that its rootkit-sniffing software, BlackLight, had reported hidden files on a system with the MicroVault software, and it has not yet received a reply.

Just like in the Sony BMG rootkit case in late 2005, the directory goes unspotted by some antivirus scanners. In that case, researchers spotted rootkit-like cloaking technologies used by the copy-protection software that Sony BMG Music Entertainment installed on PCs when customers played the label's audio CDs. "Sony doesn't do any of its own development in this area; it looks like a Chinese company did it," said Mikko Hypponen, F-Secure's chief research officer. Less than two weeks after the first reports of Sony's mishap, new Trojan horses used Sony's code to hide from security software. The MicroVault software is cloaking the folder for good reason: to protect the fingerprint reader's authentication files from being tampered with or circumvented. "What's not justified is that others can use this folder," said Hypponen.

News source: InfoWorld


33 Comments


Sony really needs to start developing software in house for their products. Both rootkits were in software licensed from other companies.

rant/

Sony releases rootkit = "DON'T BUY PS3!!!"
MS allows rootkits to be installed = "360 is teh owns!"

So many blind fools around

/rant

What did they do to BioShock?

EDIT:

The problems stem from SecuROM, a DRM infection of unconscionable proportions, brought to you by the good people of Sony, again. 2KGames took the anti-user step of hurting paying customers with this malware in order to prevent piracy, but if you don't want to end up with a system filled with unremovable malformed registry keys and an uninstallable coaster, your only recourse is to pirate it.

What SecuROM does is phone home and activate, the same way MS malware in WGA and Vista does. If you install the game twice, it will keep you from installing a third time...

Ravensworth said,
Most people, I think, don't even know what a rootkit is, so why should they care about it?

Well, perhaps when they have their credit cards and info stolen they will wish they had known. Or perhaps when their PCs mysteriously start crashing or running slow, they might know what was causing it.

what an insane comment, just cause you don't know what something is doesn't mean you shouldn't worry about it. they will care when their PC is hacked silly because they had the sony root kit and some hacker managed to take advantage of it and steal their credit card details

****ing tw@s!

I do love my DSC T50 Cybershot, PS3, PSP and 2 x BRAVIA LCD's though.

And that's not just willy waving (well maybe a little bit) but they do make some good ****.

Doesn't matter, they make crap products now anyway. I've seen generic hardware that works better than their new stuff. Too bad, they used to be pretty cool.

In encrypted security files.

Not in a special folder their software creates that hides all the content from the system even, making it a perfect place for worms and trojans to hide.

The same place you store any other confidential information like credit card numbers and so on, with encryption. It's not like your fingerprint scan is the only important thing you have to keep safe. If this were normal for fingerprint software it wouldn't be safe at all because everyone would know where the "secret" folder was.

Screw Sony and their rootkits. I've always said they had crap products and now they have crap products with security risks, w00 for them.

that's where you are incorrect, Sony has always had good products, which is why they built such a good name for themselves in the professional markets. they have good products with security risks

whocares78 said,
that's where you are incorrect, Sony has always had good products, which is why they built such a good name for themselves in the professional markets. they have good products with security risks

A security risk they purposely created. Sony now isn't what Sony was 10 years ago. They couldn't care less about their customers these days.

NightmarE D said,

A security risk they purposely created. Sony now isn't what Sony was 10 years ago. They couldn't care less about their customers these days.

Totally agree, pricing and not giving a S%&t about its customers has been extremely detrimental, they do their brand name no favours with all this crap

As much as I don't like Sony doing this I don't believe that this will blow up the way the Sony CD rootkit did because more people buy CDs than flashdrives with fingerprint reader. Also when people buy flashdrives they look at brands, not really so with CDs because they look at bands.

The first time this rootkit crap was bantering about I decided then and there never to buy any Sony labeled product ever again, and after reading this article I'm in the same camp as yourself Blaine.

ThaCrip said,
exactly... that's what I was thinking.

just more reason to say screw Sony and avoid their products ;)

Oh for sure. I hope ANOTHER lawsuit goes forth, and puts the smack down on Sony. I've grown to actually HATE them. I try not to hate anything... but damn, come on!