Sony puts PCs at risk
2007-08-30 07:20
Boston - Software included with
high-end memory sticks sold by Sony Corp can make personal
computers vulnerable to attack by computer hackers, according to
researchers with two internet security firms.
Sony's MicroVault USB memory stick and fingerprint reader
includes software that creates a hidden directory on the
computer's hard drive, researchers with Finnish security
software maker F-Secure Corp reported on the company's blog on Monday.
Such software that hides itself, which is known as a root
kit, leaves room for hackers to secretly infect personal
computers, they said.
Software that is installed on such hidden drives is not only
invisible to the human eye; some types of computer security
software are unable to detect viruses and other types of
so-called malware, or malicious software, stored on them.
F-Secure's blog posting said it attempted to contact Sony
before alerting the public about the software, but the company
had not replied.
Sony spokesperson Chisato Kitsukawa said he could not
immediately comment on the situation.
On Tuesday, researchers with McAfee Inc said they had
confirmed the vulnerability described by F-Secure.
"The apparent intent was to cloak sensitive files related to
the fingerprint verification feature included on the USB
drives," said McAfee spokesperson Dave Marcus.
"However, software creators apparently did not keep the security implications in mind. The application could be used to hide arbitrary software, including malicious software."
This is not the first time F-Secure has found Sony software
installing hidden directories on the drives of its customers.
In 2005 there was a similar situation involving the electronics
maker's digital rights management software, security experts
say.