Rootkit-like behavior found on Sony fingerprint reader


Summary: Finnish anti-virus vendor F-Secure has found rootkit-like features in a plug-and-play fingerprint reader marketed by Sony.


The discovery was made when F-Secure's BlackLight scanner picked up hidden files on a system with the Sony Microvault USM-F fingerprint reader software.

F-Secure's Mika Stahlberg explains:

The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows\". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files. There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place.

In addition to the software that was packaged with the USB stick, F-Secure also tested the latest software version available from Sony and found the same hiding functionality. "[We] feel that rootkit-like cloaking techniques are not the right way to go here," Pehkonen said.

He said Sony did not respond to F-Secure's attempt at notification.

This comes almost two years after the Sony BMG copy protection scandal, where rootkit techniques were used in a DRM (digital rights management) scheme.
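
A defensive check for the behaviour described in the quote above, as an added example that is not from F-Secure, Sony or the original article: it flags names that can be opened by path but are missing from the parent directory's listing. The directory names and the `simulated_filter` helper are constructed for illustration, since the article does not name the hidden directory.

```python
import os
import tempfile


def find_cloaked(parent, candidates, list_dir=os.listdir, can_open=os.path.isdir):
    """Return candidate names that open by path but are absent from the listing.

    list_dir and can_open are injectable so the same comparison can be run
    against different views of a volume, or against a simulated filter.
    """
    # Windows name lookups are case-insensitive, so compare casefolded names.
    listed = {name.casefold() for name in list_dir(parent)}
    cloaked = []
    for name in candidates:
        reachable = can_open(os.path.join(parent, name))
        if reachable and name.casefold() not in listed:
            cloaked.append(name)
    return cloaked


def simulated_filter(hidden_name):
    """Constructed stand-in for a hiding driver: drops one name from listings."""
    def list_dir(path):
        return [n for n in os.listdir(path) if n.casefold() != hidden_name.casefold()]
    return list_dir


def demo():
    # Constructed sample tree; "VendorCache" is a hypothetical directory name.
    with tempfile.TemporaryDirectory() as root:
        for name in ("System32", "VendorCache", "Temp"):
            os.mkdir(os.path.join(root, name))
        candidates = ["VendorCache", "Temp", "NotThere"]
        clean = find_cloaked(root, candidates)
        filtered = find_cloaked(root, candidates,
                                list_dir=simulated_filter("VendorCache"))
        return clean, filtered


if __name__ == "__main__":
    print(demo())
```

The check only works for names you already suspect, and only while the hiding layer still lets the path be opened by name. For unknown names, the listing has to be compared against a view of the same volume taken from outside the running system.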

  • Once a Crook Always a Crook

    Game Over Sony (RiP 2005) so why continue?
    • do they care?

      They keep selling by the billions, and most people just care about stuff working, not how it is done.

      Don't take me wrong: I've been boycotting Sony for the past 15 years, but most people wouldn't mind buying their products. So why should they care?
      • Most Don't Know

        Most folks have only a vague recollection of the Sony Rootkit fiasco, if they recall anything at all. I also think most recall the exploding batteries, but don't remember that Sony made most of them. So long as they keep making great TVs and don't cause any deaths, they'll continue to do well with the general public. Is there any way to stop their illegal behavior??

        Hey, did you hear that they may have WMDs? ;)
        • Ha !

          That was clever !
          Thanks for the grin :)
  • Here we go again!

    What in the world are the developers at SONY thinking?
    • Here we go again!

      I saw another article elsewhere that said it was actually developed by a Chinese company for Sony.
      • Citation

        With the recent news of comestible-espionage, this wouldn't surprise me...but could you provide a URL or other citation of this possible connection?

  • Looks like $ony found something to do with all those unused rootkits.

    Mr. Roboto
    • hei

      I too think so, finally Sony found ways to deal with all the rootkits... :)
  • Did they think nobody would notice

    Will this one have gaping security vulnerabilities like the last one?
  • Why do we keep giving Sony another chance?

    Rootkits. CD Copy protection. Batteries....

    And they want us to all jump on their Blu-Ray bandwagon?

    I don't think so.
    • I Don't !

      I have Not purchased a Sony product since the last time they installed rootkits in the products we buy from this company. And I Will Not buy Anything from Sony.
      Can Not Trust Them. And this article proves the point.
      As someone here said... Once a Crook, Always a Crook.
  • Sony

    I want every buy anything with the Sony Name on it again.
    • Wow....

      That was... wow.
      Hallowed are the Ori
  • that begs the question...

    Is PlayStation 3 or a Blu-ray driver attempting to place rootkits on your drive?
    If you use windoze, you kind of deserve it, but is $ony trying to infect my Linux box?
    Linux Geek
    • Since you don't have a C:\Windows folder

      on your LinSUX box, it's doubtful . . .
      • Should I even reply to that?

        Have you not seen CD-ROMs with dual FS to allow Windows to load the Windows software/drivers and Macs to load the Mac software/drivers?

        Do you think for a minute that the Windows drivers for a Blu-Ray device --or any device for that matter-- is the exact same driver for the Mac or Linux (NDIS Wrapper notwithstanding)?

        Have you not heard of Linux root kits?

        If a question was asked in a forest and you were not there to answer, would you still be....
  • This is why you leave UAC enabled

    UAC will, if you deny the action, prevent these rootkit-like drivers from installing.

    This is why Vista has UAC and why you should leave it enabled.
    • Still doesn't help though

      Take average joe. They buy some hardware and in order to use they need to install a driver. So the UAC prompts them for password. They enter it as they know they are adding some hardware. That's normal and boom in goes the root kit. UAC is useless here.
    • UAC does not protect you against driver installations

      UAC's function is to sit there and provide elevation when a process running in a limited mode needs to do something that requires administrative rights, such as writing something under the Program Files folder or writing something in the local machine section of the registry, or others.

      As it is, all antivirus software has drivers coming with it. These virtual device drivers help them hook applications' functionality, such as opened ports, files written, processes created, etc.

      Most users would see the dialog that says such-and-such installation is trying to install such-and-such device driver, which is securely signed to Sony Corporation, Symantec or McAfee or what have you.

      There is no real way to prevent it, other than disabling that driver with another driver-based software and then removing it.