Sony claims the rootkit-like behaviour of a device driver used to run its biometric MicroVault USB drive, was unintentional.
Sony Sweden representative Fredrik Fagerstedt told local press this week that sometimes even actions taken with “good will” can go wrong.
Fagerstedt’s comments come the same day that antivirus firm McAfee joined the growing chorus of companies to criticise Sony for compromising its customers’ security.
McAfee reported that Taiwan’s FineArt Technology Co. Ltd, which makes encryption software for PCs and laptops, was responsible for creating the offending software.
McAfee’s Aditya Kapoor and Seth Purdy wrote in a blog: “the authors apparently did not keep the security implications in mind” when designing the installation method.
Kapoor and Purdy catalogued the incident as one of the worst examples of “nasty rootkits that use blended techniques to hide or protect themselves.”
Echoing F-Secure’s Patrik Runald, the McAfee bloggers said the default installation path does nothing to stop malware authors from copying code to a directory of their choice and executing it in that location.
They added that another easy hack for malware authors would be to launch code from their chosen directory and add a start-up entry for the software to ensure it is hidden immediately on the PC’s boot-up.
Sony Australia has not responded to multiple requests for comment.
Sony, Storage, Flash Drive, MicroVault, USB Drive, Biometric, Rootkit, Malware
Source:? ZDNet Australia