Sony Investigates Reports Of Fingerprint Reader Software Installing Rootkit On PCs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Sony Investigates Reports Of Fingerprint Reader Software Installing Rootkit On PCs

Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued.

Sony on Wednesday said it was investigating reports that some models of its Micro Vault fingerprint reader contained software drivers that installed on a PC a hidden folder that could be exploited by virus writers.

The disclosure was reminiscent of a more serious incident last year in which Sony distributed music CDs that unbeknownst to the customer installed copyright-protection software on a PC. The software included a cloaking mechanism that could be exploited by hackers.

In the latest incident, Sony said the controversial software shipped with three models of its Micro Vault USM-F line, and those versions have been recently discontinued. "No customers have reported problems to date," a Sony spokesman said. "We are still investigating this and are taking the issue very seriously."

Security firm F-Secure reported Monday that Sony's Micro Vault software installed a driver that creates a hidden folder using rootkit techniques. A rootkit is a general description of a program that conceals itself within an operating system in order to secretly run processes, files, or system data. The program is difficult to remove.

On Wednesday, F-Secure said that the Micro Vault application was not as serious as the previous CD software, but still presented a security risk since hackers could hide malware in the hidden folder. The folder is used to protect fingerprint authentication from tampering.

In general, the software is less onerous because it does not hide its folder deeply in the system, and probably wouldn't hide malware as effectively from anti-virus scanners, F-Secure said. In addition, the Micro Vault software does not hide processes or registry keys, and can be removed through a standard installation process.

But while Sony said it no longer offers the software with its fingerprint reader, F-Secure said the rootkit-carrying application was still available for download from Sony.net.

In a deal with U.S. regulators, Sony early this year agreed to pay consumers up to $150 for the cost of repairing computers damaged by CDs containing the digital rights management software. Sony BMG, the music division of the consumer electronics giant, shipped the software in 12 million CDs on 52 titles. The CDs started shipping in 2005, but the rootkit wasn't discovered until 2006.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll