Sony Stops Manufacturing of USB Drives Containing Rootkits

Sony has stopped the production of its Microvault USB sticks that potentially pose security risks to Windows PCs because of their rootkit functionality.

Sony has stopped the manufacturing of three Microvault USB memory key models which could be potentially dangerous to the security of Windows computers, reported a company spokesperson to Vnunet.com.

At first, Sony refuted the opinion that its Microvault USB software posed any risks to computer security. But when malware successfully exploited its rootkit functionality, Sony's stand was proven incorrect. The scandal led to several lawsuits and a government probe. Most of these lawsuits have been settled.

The company has confirmed an ongoing investigation into its product's security issues. While results are pending, the company can't say as yet if it would make a recall of defective units.

The three models that have been discontinued are USM-256F, USM-512FL, and USM-128C. Each of the models has a fingerprint reader embedded in them. Sony was unable to say the total number of USB devices it has released but said it sold a "limited" number around the world since their manufacture.

F-Secure, the security vendor, announced in the end week of August 2007 that the finger-authentication software bundled with Sony's MicroVault USM-F flash drive places files in a concealed directory that hackers could use to cover their malware.

The fingerprint reader, together with the FineArt technology, controls the access to data save on a device. The software stacks information regarding authorized fingerprints in such a manner that neither the end-user nor the anti-virus solutions can detect them. Although this means that the fingerprint data remains integrated, the directory could be a place for viruses and several other types of malware to hide.

Since F-Secure revealed Sony's latest rootkit Snafu, many other security companies have confirmed the findings. On August 28 2007, researchers at McAfee said that hackers could exploit any of the executable files in the USB drive to conceal a folder containing various files from security scanners. Or attackers could just hide their malware in the installation directory that is present by default, McAfee analysts Seth Purdy and Aditya Kapoor posted on the AvertLab's blog. ComputerWorld reported this on August 30, 2007.

Sophos also agreed that rootkit technologies were present in the FineArt software included with the MicroVault flash drives.

Related article: Some Suggestions to Deter ‘Windows Rot’

» SPAMfighter News - 9/15/2007