Wednesday, August 29, 2007

Sony Accused of Spreading Controversial Software Again

Sony Corp. on Monday again faced criticism for using software that embeds itself into the operating system and poses security threats. Apparently, the software for Sony’s flash memory drives hid certain data related to the fingerprint authentication process in a directory that could not be accessed by anti-virus software or by the end user through typical interfaces, but could be accessed by anyone using the command prompt.
According to a report from F-Secure, a leading developer of antivirus and security software for personal computers, Sony’s MicroVault USM-F lineup of flash drives comes with software that creates and hides a directory under “c:\windows\”, which cannot be accessed by the end user or by some antivirus software, but can be accessed either by Sony or by people who know about the software and intend to harm a computer system.
“It is our belief that the MicroVault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass. It is obvious that user fingerprints cannot be in a world writable file on the disk when we are talking about secure authentication. However, we feel that rootkit-like cloaking techniques are not the right way to go here,” said Mika Tolvanen of F-Secure in a posting to the company’s blog.
The antivirus software company noted that Sony had used the same method of creating a hidden folder back in 2005, when its XCP digital rights management software was criticized as malware.
F-Secure contacted Sony before publishing the information regarding the vulnerability of its flash drives and the dangers that they pose to customers. However, Sony decided not to comment on the information.
