Sony has done plenty of damage to its already tarnished reputation for going with proprietary formats that ultimately fail (Betamax, BluRay?), and for hardware issues (flaming laptop batteries), and security issues (CD rootkit scandal). Now they are at it again, putting a rootkit on a USB key drive. See the following article.
In a nutshell, Finnish security company F-Secure has reported finding software with rootkit-like behaviour supplied with Sony USB sticks that have a built-in fingerprint reader.
"The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that is hiding a directory under "c:\windows". So, when enumerating files and subdirectories in the Windows directory, the directory and files inside it are not visible through Windows API. If you know the name of the directory, it is e.g. possible to enter the hidden directory using Command Prompt and it is possible to create new hidden files," Mikko Hypponen, chief research officer at F-Secure, wrote in the company blog.
"There are also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the antivirus software. It is therefore technically possible for malware to use the hidden directory as a hiding place."
However, in a follow-up blog posting, Hypponen says the USB case is not as bad as the CD DRM case.
"The user understands that he is installing software, it’s on the included CD, and has a standard method of uninstalling that software.
"The fingerprint driver does not hide its folder as "deeply" as does the XCP DRM folder. The MicroVault software probably wouldn’t hide malware as effectively from (some) real-time antivirus scanners."
However, Hypponen does say it is possible to run executable malware from the hidden directory. What’s more, the new rootkit, which can still be downloaded from sony.net, can be used by any malware author to hide any folder.
"If you simply extract one executable from the package and include it in malware, it will hide that malware’s folder, no questions asked," Hypponen says.
It appears that Sony is not interested in discussing the issue with the security company, which contacted Sony before making the case public.
"We still haven’t received any kind of response from Sony International," Hypponen writes.
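The behaviour F-Secure describes (a directory that is missing from enumeration but can still be entered by name) is what a cross-view check looks for. The sketch below is an added example, not code from F-Secure or Sony; the directory name is a placeholder because the article does not give it, and the hiding driver is simulated by a constructed lister so the check runs anywhere.

```python
import os
import tempfile

def find_hidden_dirs(parent, candidates, lister=os.listdir, prober=os.path.isdir):
    """Cross-view check: return candidate names that can be opened directly
    under `parent` but are absent from its enumerated listing."""
    # Windows file names are case-insensitive, so compare case-folded names.
    listed = {name.casefold() for name in lister(parent)}
    hidden = []
    for name in candidates:
        if name.casefold() in listed:
            continue  # visible through normal enumeration, nothing to report
        try:
            reachable = prober(os.path.join(parent, name))
        except OSError:
            reachable = False  # a failed probe is not evidence of hiding
        if reachable:
            hidden.append(name)  # reachable by name, yet not enumerated
    return hidden

def simulate_hiding_lister(hidden_name):
    """Constructed stand-in for a hiding driver: lists a directory but
    filters one entry out of the results."""
    def lister(path):
        return [n for n in os.listdir(path)
                if n.casefold() != hidden_name.casefold()]
    return lister

def demo():
    """Build a constructed directory tree and run the check against it."""
    with tempfile.TemporaryDirectory() as root:
        # PLACEHOLDER_HIDDEN_DIR is a made-up name, not the real directory.
        for d in ("System32", "Temp", "PLACEHOLDER_HIDDEN_DIR"):
            os.mkdir(os.path.join(root, d))
        candidates = ["PLACEHOLDER_HIDDEN_DIR", "Temp", "NoSuchDir"]
        return find_hidden_dirs(
            root, candidates,
            lister=simulate_hiding_lister("PLACEHOLDER_HIDDEN_DIR"))

if __name__ == "__main__":
    print(demo())
```

On a real system the default `os.listdir` and `os.path.isdir` would be used, and the check only works for names the defender already knows to probe.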
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com