Sony software makes PCs vulnerable, researchers say

Sony software makes PCs vulnerable, researchers say
By Jim Finkle, Tue Aug 28, 2007

BOSTON, Aug 28 (Reuters) - Software included with high-end memory sticks sold by Sony Corp can make personal computers vulnerable to attack by computer hackers, according to researchers with two Internet security firms.

Sony's MicroVault USB memory stick and fingerprint reader includes software that creates a hidden directory on the computer's hard drive, researchers with Finnish security software maker F-Secure Corp (FSC1V.HE: Quote, Profile, Research) reported on the company's blog on Monday.

Such software that hides itself, which is known as a root kit, leaves room for hackers to secretly infect personal computers, they said.

Software that is installed on such hidden drives is not only invisible to the human eye; some types of computer security software are unable to detect viruses and other types of so-called malware, or malicious software, stored on them.

F-Secure's blog posting said it attempted to contact Sony before alerting the public about the software, but the company had not replied.

Sony spokesman Chisato Kitsukawa said he could not immediately comment on the situation.

On Tuesday, researchers with McAfee Inc. said they had confirmed the vulnerability described by F-Secure.

"The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives," said McAfee spokesman Dave Marcus. "However, software creators apparently did not keep the security implications in mind. The application could be used to hide arbitrary software, including malicious software."

This is not the first time F-Secure has found Sony software installing hidden directories on the drives of its customers. In 2005 there was a similar situation involving the electronics maker's digital rights management software, security experts say.

Source : From Reuters article - Sony software makes PCs vulnerable, researchers say