Sony Investigates Reports Of Fingerprint Reader Software Installing Rootkit On PCs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Sony Investigates Reports Of Fingerprint Reader Software Installing Rootkit On PCs

Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued.

Sony on Wednesday said it was investigating reports that some models of its Micro Vault fingerprint reader contained software drivers that installed on a PC a hidden folder that could be exploited by virus writers.

The disclosure was reminiscent of a more serious incident last year in which Sony distributed music CDs that unbeknownst to the customer installed copyright-protection software on a PC. The software included a cloaking mechanism that could be exploited by hackers.

In the latest incident, Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued. "No customers have reported problems to date," a Sony spokesman said. "We are still investigating this and are taking the issue very seriously."

Security firm F-Secure reported Monday that Sony's Micro Vault software installed a driver that creates a hidden folder using rootkit techniques. A rootkit is a general description of a program that conceals itself within an operating system in order to secretly run processes, files, or system data. The program is difficult to remove.

On Wednesday, F-Secure said that the Micro Vault application was not as serious as the previous CD software, but still presented a security risk since hackers could hide malware in the hidden folder. The folder is used to protect fingerprint authentication from tampering.

In general, the software is less onerous because it does not hide its folder deeply in the system, and probably wouldn't hide malware as effectively from anti-virus scanners, F-Secure said. In addition, the Micro Vault software does not hide processes or registry keys, and can be removed through a standard installation process.

But while Sony said it no longer offers the software with its fingerprint reader, F-Secure said the rootkit-carrying application was still available for download from Sony.net.

In a deal with U.S. regulators, Sony early this year agreed to pay consumers up to $150 for the cost of repairing computers damaged by CDs containing the digital rights management software. Sony BMG, the music division of the consumer electronics giant, shipped the software in 12 million CDs on 52 titles. The CDs started shipping in 2005, but the rootkit wasn't discovered until 2006.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
IBM Puts Red Hat OpenShift to Work on Sports Data at US Open
Joao-Pierre S. Ruth, Senior Writer,  8/30/2019
Slideshows
IT Careers: 10 Places to Look for Great Developers
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/4/2019
Commentary
Cloud 2.0: A New Era for Public Cloud
Crystal Bedell, Technology Writer,  9/1/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll