A line of USB drives sold by Sony Electronics installs files in a hidden folder that can be accessed and used by hackers, a Finnish security company charged Monday, raising the specter of a replay of the fiasco that hit Sony’s music arm two years ago when researchers discovered that its copy protection software used rootkit-like technologies.

According to F-Secure Corp., the fingerprint-reader software included with the Sony MicroVault USM-F line of flash drives installs a driver that hides in a hidden directory under “c:\windows”. That directory, and the files within it, are not visible through Windows’ usual APIs.

“[But] if you know the name of the directory, it is possible to enter the hidden directory using [the] Command Prompt and it is possible to create new hidden files,” said Mika Tolvanen. “There are also ways to run files from this directory.”

There are few companies as consistent as Sony.



  1. BubbleJohn says:

    Or you could say that Sony is persistent.

    Who the hell buys a Sony USB drive? You’d be better of with PNY or Kingston. I didn’t even know they made USB drives. This is 2x news to me.

  2. Billabong says:

    Sony has now become the new Japenese word for F%#&ed up.

  3. Todd Anderson, III says:

    Shouldn’t Microsoft take a stand against this sort of shenanigans? Does it not erode their brand name when commandeering their boxes becomes a matter of corporate strategy?

  4. John S says:

    What happened to Sony? They went from a top knotch electronics company with the best quality. Now they are junk. I guess some of it lies
    with China. Throwing cheap products into the US and other countries which attracts price savy consumers. I have seen some of the crap coming over here that places like Wal mart sell. Warranties are short, and you have to send it back to a depot somewhere for warranty.
    But with all the recalls coming from China products you would think the tide is turning back to quality not quantity. I hope so.

  5. Ari Kukkonen says:

    I started to boycott all Sony products after first Rootkit scandal. I am a small reseller of IT-products, told customers who wanted Sony products to buy them somewhere else if they wanted to hazard their security on purpose.

    This latest usb-thing just makes me think I was 100% correct o boycott all Sony products. The attitude of the Sony management in this rootkit case was just unbelievable, I was certain they would do it again. And they did.

  6. Angel H. Wong says:

    #5

    Mind you don’t blame China, if you really wanna blame someone blame it on the idiots who had the “idea” of changing the way the company was run from a company managed with japanese engineers to a regular company run by business managers and corporate lawyers.

  7. Milo says:

    Or are many other companies doing something similar and are doing it too well to get caught?

  8. TIHZ_HO says:

    “Sony doesn’t do any of its own development in this area; it looks like a Chinese company did it.”

    I would not be surprised.

    Computer security or lack there of in China.

    It has been reported that 70-80% of all computers run pirated copies of Windows and software in China. From my own observation 70-80% is a conservative figure. Many Chinese companies especially in smaller cities use pirated Windows XP – no service patch and I have seen even Windows 98 still being used.

    Viruses? If any anti-virus program are used they are either are Chinese home grown versions that look cute (with an animated cartoon lion ‘protecting’ the computer) or pirated Norton – with no virus def updates.

    We have a lot of printing done from time to time and I stopped using a USB key for transporting the files to the printer as usually they came back with some shit on that wants to Autoplay even with a new Kingston 1g I just bought – maybe like the Sony?

    Cheers

  9. BubbaRay says:

    #9, TIHZ_HO, We have a lot of printing done from time to time and I stopped using a USB key for transporting the files to the printer

    Always burn the print job to a WORM CD to take to the printer company, then scramm it with a BIC lighter and throw it in the trash when you pick up the package. I’ve seen junk written onto a CD-RW that would make your hair fall out!

    If they weren’t the only print house within reasonable driving distance, I’d try another. When confronted with the actual files, the “manager” said, “Well, we’re just trying to advertise for repeat business.”

    Advertise this you jerks.

  10. Improbus says:

    I started boycotting Sony years ago because I don’t like proprietary hardware no matter how slick it looks.

  11. FRAGaLOT says:

    I’m not here to defend sony but you people exagerate this story to the point you all look like paranoid idiots. First of all a rootkit isn’t a virus. Read the FUCKING story carefully people.

    Sony isn’t distributing viruses on USB thumb drives. It’s not even the thumbdrive it self that’s installing the root kit, it’s thumb-reader DRIVER that is installing the Rootkit.

    The rootkit simply opens up a vulnerability to hackers to hide malware on your system. But they have to know where and what that hidden sub-folder is, and would need DIRECT access to your PC to do any real damage. I doubt they can take advantage of this vulnerability over the net. So stop running around like chickens with your head cut off.

    This is just an example as to why DRM is bad, who fucking cares about Sony anymore at this point.

  12. 123456 says:

    #What happened to Sony? They went from a top knotch electronics company with the best quality. Now they are junk. I guess some of it lies with China. Throwing cheap products into the US and other countries which attracts price savy consumers. I have seen some of the crap coming over here that places like Wal mart sell. Warranties are short, and you have to send it back to a depot somewhere for warranty.
    But with all the recalls coming from China products you would think the tide is turning back to quality not quantity. I hope so.
    Comment by John S — 8/28/2007 @ 6:49 am

    #Mind you don’t blame China, if you really wanna blame someone blame it on the idiots who had the “idea” of changing the way the company was run from a company managed with japanese engineers to a regular company run by business managers and corporate lawyers.
    Comment by Angel H. Wong — 8/28/2007 @ 8:11 am

    #“Sony doesn’t do any of its own development in this area; it looks like a Chinese company did it.”
    I would not be surprised.
    Computer security or lack there of in China.
    Comment by TIHZ_HO — 8/28/2007 @ 8:47 am

    **********
    You guys ought to read this article about the Japanese economic system and its differences with ours – and while reading it keep in mind all the news from the last two weeks about our economy. Sony ‘aint Japanese – it’s one of the few ‘Japanese’ companies controlled by the ‘western’ – really Anglo-American-Jewish – financial interests.

    http://www.paecon.net/PAEReview/issue23/Locke23.htm

  13. Angel H. Wong says:

    #13

    And you should read my post, as I said before, it USED to be a great japanese company.

  14. 123456 says:

    I want you to read the article for what is says about our economies Angel, not because I (didn’t) misread your post. You know, symptom and cause…

  15. pHROZEN gHOST says:

    I would hope that intelligent people would see what is really going on here. This is corporate censorship of all for the crimes of a few.

    STOP BUYING ALL SONY PRODUCTS. TELL THE SALES REPS THAT WHEN THEY OFFER YOU SONY AT VAST DISCOUNTS THEY ARE SUPPORTING CYBER-TERRORISM.

    SONY NEEDS TO GET THE MESSAGE THAT THEY CANNOT TERRORIZE THEIR HONEST CUSTOMERS AND GET AWAY WITH IT.

    I will NEVER buy another Sony product if it is the only option available.

  16. Steve Savage says:

    Sony thumb drives aren’t the only big problems. ANY one of those devices that uses “U3 Technology” will AUTOMATICALLY install software on your system without your permission, and its nearly impossible to get rid of unless you get on the website and download a “U3 uninstaller”. The pen drive is useless until you wipe it with the uninstaller, as no normal format routines will get rid of the U3 annoyance.

  17. 123456 says:

    Pedro, the first four words I’m resonding to: “what happened to Sony?”

    The article I posted,

    http://www.paecon.net/PAEReview/issue23/Locke23.htm

    will help people to understand what happened to Sony – and by extension what has happened to the American economy and why it’s collapsing. If you don’t like what Sony does, you at least need to understand why it does it.

  18. rudy says:

    As the IT guy for a school, I have told all of the teachers and students about the first SONY root kit and recommended that they NEVER purchase any SONY products.

    Believe me, they will also be informed about this one.

    It’s really too bad, I really used to think that SONY was a company that made quality products.


0

Bad Behavior has blocked 6013 access attempts in the last 7 days.