Sony’s MicroVault USB Sticks Vulnerable to Hacker Attacks

Sony just confirmed that they found a security flaw in some of its products that can leave a PC vulnerable to hacker attacks. The problem is with software packaged with memory sticks, which was developed by third party. The solution is immediately offered and the company said it will offer a fix by mid-September.

This vulnerability was found by F-secure and is similar to that discovered on Sony BMG CDs sold in 2005. It seems that Sony’s MicroVault USB sticks with fingerprint readers are the ones affected. Software that came with the devices are using virus-like techniques and create a hidden directory on the hard drive. A hacker can easily infect a computer because any file stored in that hidden directory is invisible to some virus scanners, security software and even to the user. A sony spokesman declared:

“While relatively small numbers of these models were sold, we are taking the matter seriously and conducting an internal investigation. No customers have reported problems related to situation to date.”

Researchers at McAfee also investigated this problem and declared:

“The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives. However, in this case the authors apparently did not keep the security implications in mind.”

Sony had similar problems in the past so it is a surprise that it happened again. The only positive here (if you can call it that) is that this flaw is not as serious as in the XCP DRM case the company faced in the past. Sony had a good intention here but the result was not as expected.

Category: Featured