Sony USB Drives Pack Rootkit Surprise

Finnish security company F-Secure has reported on new rootkit-like software discovered on USB thumb drives manufactured by Sony. Although the software doesn't appear to cause damage to a user's system, it does create a hidden directory that is inaccessible via the Windows API and some virus scanners.

The product in question is Sony's MicroVault USM-F fingerprint reader software, included with the company's USB drives. Sony was widely derided in 2005 for bundling copy-protection software on its music CDs that utilized rootkit-like functionality. "It is our belief that the MicroVault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass," says F-Secure. "However, we feel that rootkit-like cloaking techniques are not the right way to go here." The company contacted Sony about the issue, but received no response.