Rootkit-like behavior found on Sony fingerprint reader

Summary: Finnish anti-virus vendor F-Secure has found rootkit-like features in a plug-and-play fingerprint reader marketed by Sony.


The discovery was made when F-Secure's BlackLight scanner picked up hidden files on a system with the Sony Microvault USM-F fingerprint reader software.

F-Secure's Mika Stahlberg explains:

The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

In addition to the software that was packaged with the USB stick, F-Secure also tested the latest software version available from Sony and found the same hiding functionality. "[We] feel that rootkit-like cloaking techniques are not the right way to go here," Pehkonen said.

He said Sony did not respond to F-Secure's attempt at notification.

This comes almost two years after the Sony BMG copy protection scandal, where rootkit techniques were used in a DRM (digital rights management) scheme.
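The F-Secure quote above describes a directory that is missing from enumeration yet still reachable when its name is known. The following added example (not code from F-Secure, Sony or the original article) turns that gap into a defender's cross-view check; the directory names and the `filtered_lister` stand-in for the hiding driver are constructed for illustration.

```python
import os
import tempfile


def cross_view_hidden(parent, candidates, lister=os.listdir,
                      probe=os.path.lexists):
    """Return candidate names that resolve by direct path but are
    absent from the parent's enumeration (compared case-insensitively)."""
    listed = {name.casefold() for name in lister(parent)}
    hidden = []
    for name in candidates:
        if name.casefold() in listed:
            continue  # visible in both views: nothing is being cloaked
        if probe(os.path.join(parent, name)):
            hidden.append(name)  # reachable by name, missing from listing
    return hidden


def filtered_lister(hide):
    """Constructed stand-in for the hiding driver: drops one name
    from every listing while leaving direct path access untouched."""
    def lister(path):
        return [n for n in os.listdir(path)
                if n.casefold() != hide.casefold()]
    return lister


def demo():
    """Build a throwaway tree and compare a clean view with a cloaked one."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("system32", "vendorcache", "temp"):  # constructed names
            os.mkdir(os.path.join(root, d))
        # Hypothetical candidate list a defender might assemble.
        candidates = ["vendorcache", "temp", "notthere"]
        clean = cross_view_hidden(root, candidates)
        cloaked = cross_view_hidden(root, candidates,
                                    lister=filtered_lister("vendorcache"))
        return clean, cloaked


if __name__ == "__main__":
    clean, cloaked = demo()
    print("clean view flags:", clean)
    print("cloaked view flags:", cloaked)
```

The check only covers names on the candidate list; it cannot discover a hidden directory whose name is unknown.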


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
