Search

  
 
Security experts warn of Sony 'hidden files'


August 28 2007

Security experts warn of Sony 'hidden files'

 

Security specialists are warning that Sony's MicroVault USB, which is a biometric USB storage device, cloaks driver software in a Windows directory that could be used by malware to avoid detection from security applications.


The manner of installing and hiding software on users' PCs is reminiscent of Sony BMG's attempt two years ago to protect music copyright by installing rootkit software.

The fingerprint-recognition software packaged with Sony's Microvault USB installs itself as hidden files on the user's system under the "c:\windows\" directory.

F-Secure security expert, Mika Tolvanen, reported that it is possible to enter the hidden directory using a Command Prompt and from there create and run new hidden files.

"Files in this directory are also hidden from some antivirus scanners - as with the Sony BMG DRM case - depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the directory as a hiding place," said Tolvanen on the F-Secure blog.

Tolvenan believes Sony's intention was to protect the fingerprint authentication software from tampering but he disagrees with employing "rootkit-like cloaking techniques" to do so.

Sony BMG was heavily criticised in 2005 by analysts and vendors for hiding files on users' systems that left PCs vulnerable to hackers.

At the time, Symantec's senior director, Vincent Weafer said: "We're trying to reinforce here that we're not talking about a virus, or malicious code, we're talking about technology that could be misused."

To put a halt to various US state-based investigations into its use of rootkits to protect copyright, Sony BMG forked out $6m (£3m).

F-Secure's Tolvanen said of Sony BMG's use of rootkit software: "It is unclear if the 'rise of the rootkit' would have happened in this magnitude without the publicity of the Sony BMG case. In any case, a lot more people now know what a 'rootkit' is than back then."


 

Reproduced from an article published by ZDNet UK
© ZDNet UK

The original article can be viewed here:
http://news.zdnet.co.uk/security/0,1000000189,39288854,00.htm

 Bookmark Digg this story

RSS feed  |  About RSS feeds

Get the Industry's top stories delivered straight to your inbox...
Firstname:

Surname:

Email:

Frequency:
 Daily  Weekly
 
© 2003-2009 Global Secure Systems Ltd | Terms and Conditions
 
Industry News
Case Studies
White Papers
Press Releases
Vulnerability Advisories
Monthly Newsletter Archive
Bandwidth Management
Consultancy Products
Content Control
Desktop Protection
Email Management
Encryption Solutions
Firewall/VPN Solutions
Identity and Security
Intrusion Management
Network Optimisation
Secure Remote Access
SIEM (Event correlation)
Strong Access Control
Vulnerability Management
Web Services Security
Wireless Security
About GSS
Supported Charities
Partner Accreditations
Exhibitions & Events
Contact Details
Location
Careers
Terms & Conditions of Sale
Network Penetration Testing
Web Application Testing
Managed Vulnerability Scanning
Citrix ESA
Wireless Scanning
GCSx ITHC Testing
Vulnerability Advisories
ICS Catalogue