Nearly two years after Sony faced a storm of criticism for using a rootkit-like program in its digital rights management (DRM) technology, security researchers at F-Secure Corp. say they've discovered something similar in Sony's Micro Vault USM-F fingerprint reader software.
The latest example of rootkit use was found in software that's part of an older line of USB drives sold by Sony Electronics Inc., according to Mika Stahlberg, a researcher for the Helsinki, Finland-based security firm.
In the F-Secure blog, Stahlberg wrote that the Sony Micro Vault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under 'c:windows.' When enumerating files and subdirectories in the Windows directory, he said, the directory and files inside it are not visible through Windows API. If someone knows the name of the directory, it is possible to enter the hidden directory using a command prompt and it is possible to create new hidden files.
"It is our belief that the Micro Vault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass," he said. "It is obvious that user fingerprints cannot be in a world writable file on the disk when we are talking about secure authentication. However, we feel that rootkit-like cloaking techniques are not the right way to go here."
He did note, however, that Micro Vault with fingerprint authentication appears to be an older product Sony may no longer be manufacturing. Nevertheless, Stahlberg said, F-Secure researchers did manage to find the product on sale.
F-Secure said it contacted Sony before going public with its latest discovery, but that Sony hasn't responded. Sony did not immediately respond to a request for comment from SearchSecurity.com.
Graham Cluley, senior technology consultant for UK-based security software company Sophos, said his organization has been unable to locate one of the USB devices in question, and that they don't seem to be readily available in Australia and the UK. But he did find that they can be purchased online via such sources as Amazon.com. He declined to comment on the specifics of F-Secure's findings, but he did express concern over the general practice of using hidden technology as Sony has in the past.
"Hopefully, this new rootkit is not going to be as widespread as when Sony shipped one on popular music CDs," Cluley said in an email exchange.
In late 2005, Sony BMG Music Entertainment Inc. found itself at the center of a media firestorm when a researcher discovered the company was using a rootkit-based digital rights management (DRM) system to prevent CD copying.
Experts at the time worried that if more companies used the technology the way Sony has, hackers could hijack such rootkits and cause all kinds of trouble. Rootkits, tools or programs used to mask software or network intrusions, are typically used only by malicious hackers, they noted.