Sony to remove rootkit functionality from USB stick software
Sony is to offer the software for its fingerprint reader USB stick in a non-rootkit version, the company has announced to the British media. Last week, it was revealed that the software for the MicroVault USM-F USB stick hides a subdirectory of the Windows folder from other Windows applications using rootkit techniques.
A spokesperson for Sony is quoted as saying, "While relatively small numbers of these models were sold, we are taking the matter seriously and conducting an internal investigation. No customers have reported problems related to the situation to date. While the software at issue was developed by a third-party vendor in conjunction with our outsourced device manufacturer, as a precaution and to alleviate any potential concerns, we will be issuing downloadable software to address the situation by mid-September."
Anti-virus company F-Secure, which discovered and revealed the software's rootkit functionality, assesses the risk as being comparable to that posed by Sony BMG's copy protection rootkit. Some malware took advantage of the invisibility offered by that rootkit to hide within the system.
- Sony MicroVault software has rootkit function, report from heise Security from 28th August 2007