TECH.BLORGE.com
VISTA.BLORGE.com
MAC.BLORGE.com
GAMER.BLORGE.com

August 29, 2007 |

Sony memory sticks could make your PC hacker friendly

By John Pospisil





Sony memory sticks could make your PC hacker friendly Sony’s Micro Vault USB memory sticks could make your PC vulnerable to hackers, according to Finnish security company F-Secure.

Micro Vault memory sticks have a built in fingerprint reader that comes with software that creates a hidden directory on the host PC’s hard disk. According to F-Secure, the hidden Micro Vault directory could be used by Rootkit programs, a type of malware, to conceal themselves.

It’s not the first time a Sony-related company has been embroiled in controversy over rootkits. In 2005 Sony BMG was criticized for using hidden directories as part of a digital rights management system for audio CDs.

“There are also ways to run files from [the hidden Micro Vault] directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place,” explained F-Secure.

F-Secure tested the latest Micro Vault software available from Sony  and found that this version also contains the same “hiding functionality”. F-Secure believes that the MicroVault uses the hidden directory to “somehow protect the fingerprint authentication from tampering and bypass”.

“It is obvious that user fingerprints cannot be in a world writable file on the disk when we are talking about secure authentication,” said the company. 

“However, we feel that rootkit-like cloaking techniques are not the right way to go here.”

McAfee has also confirmed the vulnerability.

“The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives,” wrote McAfee.

“However, in this case (*cough* AGAIN! *cough*) the authors apparently did not keep the security implications in mind. The executable can be placed in potentially any directory and when executed will subsequently hide all the folders and files within that directory!”

At the time of the 2005 fiasco, the President of Global Digital Business at Sony BMG, Thomas Hesse, famously said: “Most people don’t even know what a rootkit is, so why should they care about it.”

Let’s hope the Sony division behind that Micro Vault takes a different approach.

F-Secure contacted Sony before going public but has not received a response.

Related:

  • Microsoft and Sony clash over Vista support of Intel’s Turbo Memory
  • Movie downloads coming to Sony PSP
  • Sony SR100 HDD Handycam
  • Sony combats wireless USB and Bluetooth 3.0 with proprietary TransferJet
  • Is Flash Memory finally going to get a uniform card format?




    • Sign up for the BLORGE daily email newsletter

    Entry was posted on Wednesday, August 29th, 2007 at 1:00 pm under Security.

    Read more entries by John Pospisil.
    StumbleUpon Toolbar Stumble It!

    One Response to “Sony memory sticks could make your PC hacker friendly”

    1. USB memory sticks:
      September 1st, 2009

      hi

      cool post

      thanks for sharing the information.

    Leave a Reply:

    Copyright © 2008 Engaging and compelling blogs that entertain and inform