Sony Corp., is taking flak again for reportedly including a rootkit on a variety of USB memory sticks that security analysts say could compromise a users PC if exploited by a hacker or other malware.
According to Reuters, the consumer electronics giant has been including the rootkit -- a secret software program and hidden directory -- on MicroVault USB memory sticks. The drives employ fingerprint scanning technology for security, and Sony confirmed the rootkit is designed to keep that ID verification software secure and impenetrable to would-be data thieves attempting to bypass the fingerprint scan.
However, security experts at McAfee Inc., have confirmed that the rootkit could theoretically be exploited by hackers because the hidden directory would be overlooked by conventional virus scanning software. Sony announced that it is investigating the issue and said that it has received no reports of malicious use of the MicroVault's rootkit directory.
While the exploit is only present through a relatively small number USB devices sold by Sony, the incident is reminiscent of a similar rootkit incident involving the company in 2005. At the time, Sony BMG, the company's music publishing arm, shipped more than 12 million audio CDs with a rootkit containing DRM software. In addition to opening up a similar exploit on user's PCs, the company initially did not publicly acknowledge that the software was included on the audio discs.
For more information, click here.
Comments