Tuesday, 28 August 2007

Sony MicroVault USM-F: another rootkit security risk

Got a Sony MicroVault USM-F USB stick with fingerprint reader? If you've installed the software for the fingerprint reader, or indeed the updated software from the Sony site, then you may have opened the door to malware on your computer.

This seems to be a minor repeat by Sony of their rootkit disaster back in 2005 with the Sony BMG CDs digital rights management / copy protection scandal, because the fingerprint reader software also uses rootkit techniques to hide a directory and the files inside it within "C:\Windows\" on your computer.

A user won't see that directory or the files in it within Windows. But someone who knows the name of the directory can enter it via Command Prompt and create new hidden files.
This opens up a possible security hole. As anti-virus company F-Secure, who discovered this rootkit software, put it: "There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place!".

Via Heise Security, who advise that if you don't need that fingerprint reading software then you should preferably uninstall it to eliminate a possible hiding place for malware.

UPDATE: Heise Security have since reported that Sony will be offering non-rootkit software for the MicroVault USM-F for download by mid-September.

No comments: