04:57 PM

Sony Investigates Reports Of Fingerprint Reader Software Installing Rootkit On PCs

Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued.

Sony on Wednesday said it was investigating reports that some models of its Micro Vault fingerprint reader contained software drivers that installed a hidden folder on a PC, one that could be exploited by virus writers.

The disclosure was reminiscent of a more serious incident last year in which Sony distributed music CDs that, unbeknownst to the customer, installed copyright-protection software on a PC. The software included a cloaking mechanism that could be exploited by hackers.

In the latest incident, Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued. "No customers have reported problems to date," a Sony spokesman said. "We are still investigating this and are taking the issue very seriously."

Security firm F-Secure reported Monday that Sony's Micro Vault software installed a driver that creates a hidden folder using rootkit techniques. A rootkit is a general term for a program that conceals itself within an operating system in order to secretly run processes or hide files and system data. The program is difficult to remove.

On Wednesday, F-Secure said that the Micro Vault application was not as serious as the previous CD software, but still presented a security risk since hackers could hide malware in the hidden folder. The folder is used to protect fingerprint authentication from tampering.

In general, the software is less onerous because it does not hide its folder deeply in the system, and probably wouldn't hide malware as effectively from anti-virus scanners, F-Secure said. In addition, the Micro Vault software does not hide processes or registry keys, and can be removed through a standard installation process.

But while Sony said it no longer offers the software with its fingerprint reader, F-Secure said the rootkit-carrying application was still available for download from

In a deal with U.S. regulators, Sony early this year agreed to pay consumers up to $150 for the cost of repairing computers damaged by CDs containing the digital rights management software. Sony BMG, the music division of the consumer electronics giant, shipped the software in 12 million CDs on 52 titles. The CDs started shipping in 2005, but the rootkit wasn't discovered until 2006.
