UK Home >  OUT-LAW News >  News Archive >  2007 >  August 2007 >  Sony accused of new rootkit security blunder

Sony accused of new rootkit security blunder

OUT-LAW News, 29/08/2007

Sony technology is being accused for the second time of opening up users' computers to possible hacks without their knowledge or permission. Security researchers claim that Sony memory stick software could be dangerous.

Free OUT-LAW Breakfast Seminars, UK-wide. 1:The new regime for prize draws and competitions. 2:How to monitor staff legallyRecord label Sony BMG caused outrage in 2005 when digital rights management technology included on audio CDs installed so-called rootkit software on users' computers. That software changed the way users' operating systems played CDs and created a security vulnerability. The installation was hidden in a way that made its removal difficult for users.

Security companies F-Secure and McAfee now claim that software installed by a Sony memory stick and fingerprint reader called MicroVault causes similar problems, installing itself secretly at the heart of a computer's operating system and offering worms or viruses a potential hiding place from anti-virus software.

A blog by security company F-Secure broke the news of the vulnerability. It said: "The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under 'c:\windows\'. So…the directory and files inside it are not visible through Windows API."

"Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) – depending on the techniques employed by the antivirus software," said the blog. "There are also ways to run files from this directory. "It is therefore technically possible for malware to use the hidden directory as a hiding place."

Security experts say that hiding malicious files in such folders has become much more common since the publicity surrounding Sony's first rootkit problem, and that there are a number of worms or viruses in existence that exploit such flaws.

Security company McAfee confirmed F-Secure's claims. A McAfee spokesman told the Reuters news agency that it also believed the hidden folder could be used to mask malicious files and prevent their detection by anti-virus software.

Sony had no comment to make on the claims.

See also:

Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please contact us. See also: our full disclaimer

 

OUT-LAW Recommends

This week's podcast
Bribery law extended

Advert: Pinsent Masons works with forensic accountants to help you to manage the costs of litigation. Our approach is called Reaching Solutions.
Advanced Search
UK Home | 
OUT-LAW News | 
This month's news | 
News Archive | 
2010 | 
2009 | 
2008 | 
2007
2006 | 
2005 | 
2004 | 
2003 | 
2002 | 
2001 | 
2000 | 
OUT-LAW RSS feeds | 
OUT-LAW Radio | 
Legal Info About... | 
Legal Info For... | 
Our Services | 
Case Studies | 
Events and Training | 
Fun | 
About Us | 
Contacts | 
Legal Notices | 

 

Pinsent Masons named Legal Firm of the Year 2009 at Finance Directors' Excellence Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility Logon
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.