Sony confirms MicroVault memory security problem, patch coming soon
Sony has confirmed the vulnerability found by F-secure on the company’s new MicroVault line of USB memory sticks and fingerprint reader. The security flaw lies in the memory stick’s function to write a hidden folder in PCs that hackers can exploit.
The case is similar to the case Sony faced in 2005 when their music CDs were found to also write software into the PCs that were hackable.
F-secure and McAfee, which also took part in the investigation, found out that the memory stick wrote an undetectable folder in the hard drive.
While not reachable by normal means, hackers can break into it and spread malicious code through the folder. Since even some popular anti-virus software can’t detect the folder, it’s danger is even more alarming.
The two security companies who found the flaw were surprised at the similarities between this case and Sony’s 2005 case, but the latest security flaw is not as serious. The 2005 case involved anti-piracy software in Music CDs that wrote a rootkit into the PC to prevent the user from ripping the tracks. They said there is a major difference between the two cases:
Sony is attempting to protect the user’s own data [with the bundled third-party software]. In the DRM case, Sony was attempting to restrict you – the user – from accessing the music on the CD you bought. So their intent was more beneficial to the consumer in this case.
The USB storage has been discontinued in stores but is still available online. A Sony spokesperson explained that the program was outsourced and was developed by a third-party manufacturer. They will address the issue by releasing a downloadable fix by the middle of September.
Via BBC News
Sony has confirmed the vulnerability found by F-secure on the company’s new MicroVault line of USB memory sticks and fingerprint reader. The security flaw lies in the memory stick’s function to write a hidden folder in PCs that hackers can exploit.
The case is similar to the case Sony faced in 2005 when their music CDs were found to also write software into the PCs that were hackable.
F-secure and McAfee, which also took part in the investigation, found out that the memory stick wrote an undetectable folder in the hard drive.
While not reachable by normal means, hackers can break into it and spread malicious code through the folder. Since even some popular anti-virus software can’t detect the folder, it’s danger is even more alarming.
The two security companies who found the flaw were surprised at the similarities between this case and Sony’s 2005 case, but the latest security flaw is not as serious. The 2005 case involved anti-piracy software in Music CDs that wrote a rootkit into the PC to prevent the user from ripping the tracks. They said there is a major difference between the two cases:
Sony is attempting to protect the user’s own data [with the bundled third-party software]. In the DRM case, Sony was attempting to restrict you – the user – from accessing the music on the CD you bought. So their intent was more beneficial to the consumer in this case.
The USB storage has been discontinued in stores but is still available online. A Sony spokesperson explained that the program was outsourced and was developed by a third-party manufacturer. They will address the issue by releasing a downloadable fix by the middle of September.
Via BBC News
About The Author
