8/29/2007
04:57 PM

Sony Investigates Reports Of Fingerprint Reader Software Installing Rootkit On PCs

Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued.

Sony on Wednesday said it was investigating reports that some models of its Micro Vault fingerprint reader contained software drivers that installed a hidden folder on a PC, which could be exploited by virus writers.

The disclosure was reminiscent of a more serious incident last year in which Sony distributed music CDs that, unbeknownst to the customer, installed copyright-protection software on a PC. The software included a cloaking mechanism that could be exploited by hackers.

In the latest incident, Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued. "No customers have reported problems to date," a Sony spokesman said. "We are still investigating this and are taking the issue very seriously."

Security firm F-Secure reported Monday that Sony's Micro Vault software installed a driver that creates a hidden folder using rootkit techniques. A rootkit is a general term for a program that conceals itself within an operating system in order to hide processes, files, or system data. Such programs are difficult to remove.

On Wednesday, F-Secure said that the Micro Vault application was not as serious as the previous CD software, but still presented a security risk since hackers could hide malware in the hidden folder. The folder is used to protect fingerprint authentication from tampering.

In general, the software is less onerous because it does not hide its folder deeply in the system, and probably wouldn't hide malware as effectively from anti-virus scanners, F-Secure said. In addition, the Micro Vault software does not hide processes or registry keys, and can be removed through a standard installation process.

But while Sony said it no longer offers the software with its fingerprint reader, F-Secure said the rootkit-carrying application was still available for download from Sony.net.

In a deal with U.S. regulators, Sony early this year agreed to pay consumers up to $150 for the cost of repairing computers damaged by CDs containing the digital rights management software. Sony BMG, the music division of the consumer electronics giant, shipped the software in 12 million CDs on 52 titles. The CDs started shipping in 2005, but the rootkit wasn't discovered until 2006.
