Tech Shout!

Finnish security giant F-Secure has confirmed the presence of a vulnerability in Sony’s software which is used in their MicroVault USB memory sticks with fingerprint readers.

A report received on F-Secure’s HIPS DeepGuard software reflected a problem when the memory stick was being connected.

After receiving the report, F-Secure carried out a deeper scrutiny into the problem and discovered that the software was creating a hidden directory within the user’s computer that that neither the users, virus scanners nor anti-virus softwares could detect. .

Apparently the fingerprint reader software, installs a driver that hides a directory under “c:\windows\”, thanks to which that directory and the files within it don’t show up in the Windows API when counting files and sub-directories.

According to the security company, this problem is somewhat similar to the one in 2005 where Sony DRM software allowed malware to be veiled from users. Sony was hugely ridiculed for this including copy-protection software on its music CDs that utilized rootkit-like functionality.

“As with the Sony BMG case we, of course, contacted Sony before we decided to go public with the case. However, this time we received no reply from them,” maintained F-Secure in a blog post.

Speaking on this issue, Mcafee, another well-know security company stated, “The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives.”