BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Security

Security management Toolkit

Security experts warn of Sony 'hidden files'

Tags:
Directory,
Talking,
Sony,
Malware

Liam Tung ZDNet Australia

Published: 28 Aug 2007 08:37 BST

Security specialists are warning that Sony's MicroVault USB, which is a biometric USB storage device, cloaks driver software in a Windows directory that could be used by malware to avoid detection from security applications.

The manner of installing and hiding software on users' PCs is reminiscent of Sony BMG's attempt two years ago to protect music copyright by installing rootkit software.

The fingerprint-recognition software packaged with Sony's Microvault USB installs itself as hidden files on the user's system under the "c:\windows\" directory.

F-Secure security expert, Mika Tolvanen, reported that it is possible to enter the hidden directory using a Command Prompt and from there create and run new hidden files.

"Files in this directory are also hidden from some antivirus scanners — as with the Sony BMG DRM case — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the directory as a hiding place," said Tolvanen on the F-Secure blog.

Tolvenan believes Sony's intention was to protect the fingerprint authentication software from tampering but he disagrees with employing "rootkit-like cloaking techniques" to do so.

Sony BMG was heavily criticised in 2005 by analysts and vendors for hiding files on users' systems that left PCs vulnerable to hackers.

At the time, Symantec's senior director, Vincent Weafer said: "We're trying to reinforce here that we're not talking about a virus, or malicious code, we're talking about technology that could be misused."

To put a halt to various US state-based investigations into its use of rootkits to protect copyright, Sony BMG forked out $6m (£3m).

F-Secure's Tolvanen said of Sony BMG's use of rootkit software: "It is unclear if the 'rise of the rootkit' would have happened in this magnitude without the publicity of the Sony BMG case. In any case, a lot more people now know what a 'rootkit' is than back then."

Did you find this article useful?
14 out of 17 people found this useful

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

In association with Network Liberation Movement

Company/Topic Alerts

Create a new alert from the list below:

Sony
Fingerprint recognition

Biometrics

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video

Install Flash Player plugin

Find out more: Microsoft exec outlines...

All videos
Most popular videos
Latest videos

Featured Talkback

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.