R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com

Free email newsletters




ADVERTISEMENT

Sony caught playing with rootkits again

Repeat of hidden folders offering a malware hiding place

Tom Sanders in California, vnunet.com 28 Aug 2007
ADVERTISEMENT

Sony's Microvault USB memory key software could render users vulnerable to a malware attack, security vendor F-Secure has claimed.

The Sony devices feature an integrated fingerprint reader that allows the user to securely store information. Unlocking the information, however, requires the installation of special software on a Windows computer.

The application creates a hidden directory on the user's hard drive. At least some antivirus applications will be unable to access and scan the contents of this directory, claimed F-Secure researcher Mika Tolvanen.

This potentially allows malware authors to hide their creations from security software.

The technology has rootkit-like characteristics designed to hide files and processes from the end user as well as the system.

Rootkits are best known for their use by malware authors to prevent detection and removal of their creations by security applications.

The term originally referred to tools that allow attackers to gain root access to Unix systems without the owner's knowledge, but has since taken on the meaning of cloaking technologies.

The Microvault case closely resembles a highly publicised security scandal from 2005 when Sony used rootkit technology to hide digital rights management software from end users when they tried to play certain audio CDs on a Windows computer.

The XCP software, developed by First 4 Internet, was generally considered to be clumsily architected.

Sony initially denied that its technology comprised a security risk, but quickly backed downwhen malware emerged that exploited the flaw. The firm paid several millions settling lawsuits.

Sony's entertainment division deployed the rootkit technology to prevent users from uninstalling the digital rights management technology, an action that critics claimed to be at odds with fair use.

In the case of the Microvault memory keys, F-Secure suggested that the file could be hidden to ensure the accuracy of the data signatures, thereby protecting the data stored on the device.

"We feel that rootkit-like cloaking techniques are not the right way to go here," Tolvanen commented.

F-Secure said that it was unsuccessful in contacting Sony.

Sony did not immediately respond to request for comment.


All Hacking

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
R E A D E R   C O M M E N T S
Post your comment Post your comment   What is this?

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
EXCEPTIONAL .NET (ASP / VB / C#) DEVELOPER – SURREY HEDGE FUND
| Aston Carter
EXCEPTIONAL .NET (ASP / VB / C#) DEVELOPER – SURREY HEDGE FUND My client is a CASH RICH leading Microsoft Technology focused Hedge Fund currently experiencing unrivalled success – they need to bring on fresh ... more >
Software Developer - Modelling and Simulations - Defence
| JAM Recruitment
Position: Software Developer – Modelling / Simulations Salary: £27-37,000 Location: Luton, Bedford, Milton Keynes Apply to: a.ross@jamrecruitment.co.uk This is an excellent chance to join one of the UK’s leading Defence businesses operating at the forefront ... more >
Software Engineer – C/C++/GUI/UML - East Mids - £30-40k
| JAM Recruitment
Position: Software Engineer – C/C++/GUI/UML Salary: £30-40,000 Location: Leicester Apply to: a.ross@jamjobs.co.uk This is a fabulous opportunity to join a globally recognised organisation working as part of a team taking innovative and cutting edge solutions ... more >
Embedded Software / Systems Engineer - Defence - Cumbria
| JAM Recruitment
Position: Embedded Software / Systems Engineer Salary: £25-40,000 Location: Barrow, Cumbria, Carlisle, Lake District Apply to: a.ross@jamrecruitment.co.uk (inc salary expectations, availability and notice period) This is an exciting opportunity to join one of the UKs ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Advertise
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503