Security experts warn of Sony 'hidden files'

Security experts warn of Sony 'hidden files'

Summary: The fingerprint-recognition software packaged with Sony's Microvault USB could be used by malware to compromise users' PCs

TOPICS: Security

Security specialists are warning that Sony's MicroVault USB, which is a biometric USB storage device, cloaks driver software in a Windows directory that could be used by malware to avoid detection from security applications.

The manner of installing and hiding software on users' PCs is reminiscent of Sony BMG's attempt two years ago to protect music copyright by installing rootkit software.

The fingerprint-recognition software packaged with Sony's Microvault USB installs itself as hidden files on the user's system under the "c:\windows\" directory.

F-Secure security expert, Mika Tolvanen, reported that it is possible to enter the hidden directory using a Command Prompt and from there create and run new hidden files.

"Files in this directory are also hidden from some antivirus scanners — as with the Sony BMG DRM case — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the directory as a hiding place," said Tolvanen on the F-Secure blog.

Tolvenan believes Sony's intention was to protect the fingerprint authentication software from tampering but he disagrees with employing "rootkit-like cloaking techniques" to do so.

Sony BMG was heavily criticised in 2005 by analysts and vendors for hiding files on users' systems that left PCs vulnerable to hackers.

At the time, Symantec's senior director, Vincent Weafer said: "We're trying to reinforce here that we're not talking about a virus, or malicious code, we're talking about technology that could be misused."

To put a halt to various US state-based investigations into its use of rootkits to protect copyright, Sony BMG forked out $6m (£3m).

F-Secure's Tolvanen said of Sony BMG's use of rootkit software: "It is unclear if the 'rise of the rootkit' would have happened in this magnitude without the publicity of the Sony BMG case. In any case, a lot more people now know what a 'rootkit' is than back then."

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Anything Sony

    I refuse to buy anything carrying the Sony brand, due to their "rootkit" fiasco.
  • Sony isn't the only one you need worry about!

    It's not only Sony who is busy installing software onto systems!

    Microsoft also has "Rootkits" that are on already systems and it is claimed that these can't be uninstalled.

    USB3 has software partitions and software in hidden folders that enable any software application to work on your system. This means that data can be extracted without you knowing, ports opened and intellectual property leaked from your system in a manner that you are not immediately aware. The risks from USB3 will be very high in the wrong hands.

    Logitech wireless mouse has software installed on its USB dongle that writes to your PC on installation and is required to make the wireless mouse work.

    The latest iPods now have software capability for data storage as well.

    iPhone (and many other phones and PDAs) have data transfer capability with inbuilt software.

    Sony isn't the only one to be concerned about.

    The rate of change of technology is now so fast it is hard to keep up with.

    The new activation features in Vista also send data from your PCs back to Microsoft as well and they plan on offering similar activation/licensing services as well in Oct 2007 to ISVs so they too can follow the activation approach. This is the area we all need to fear as it presents a very large risk of destabilising your PC based systems.
  • German "Trojan Horse"

    Does anyone know more details on the German government proposal to use "Trojan Horse" software to monitor through the hard drive potential terrorist suspects? This is surfacing as a rumour skinny on details but is supposed to come via emails from government agencies in Germany.

    This will make life interesting if this proceeds, as spoofing of email addresses etc will challenge the methods that can be used to block inbound emails such as this.