Security Firms Unearth Another Sony Rootkit

Just how convenient is a USB memory stick? Very. Just how likely is it that your computer could be infected if you use one? Depends on the maker.

Not so long ago, 2005 in fact, Sony faced a mountain of controversy when it reportedly used rootkit software to spy on users. That case involved the prevention of music piracy, with Sony halting the resale of its artists' discs by secretly installing copy protection programs on CDs sold to the public. Although there might be a few in the music industry capable of defending such a tactic, few will appreciate this news.

According to researchers at a pair of web security firms, users of Sony's MicroVault USB memory stick (or fingerprint reader) are having a nice, little rootkit installed on their hard drives. Tucked away in a hidden directory, the rootkit is supposed to help "cloak" critical files selected by the fingerprint verification function. Although clearly Sony had good intentions, security analysts have found that this rootkit could easily be exploited by hackers who could upload all kinds of nasty viruses. (Source: cio-today.com)

Thus, there is a difference between these two Sony rootkit episodes. One was intentional (and later rectified through an embarassing update), while this most recent example is no less than a major oversight. Although security firm McAfee contacted Sony before going public with the news, the Japanese company failed to reply.

Regardless of Sony's intentions, McAfee spokesperson Dave Marcus believes they're now endangering owners of the MicroVault USB stick. "The application could be used to hide arbitrary software, including malicious software," Marcus told reporters. Whether that means Sony is obligated to recall all of its devices or simply fess up and make an update available, no one is yet saying. Not Sony, at least. (Source: monstersandcritics.com)