Via theregister.co.uk -
Sony is prepping an update to remove rootkit-like technology that shipped with a range of USB storage devices featuring fingerprint authentication.
The Sony MicroVault USM-F fingerprint reader software that comes bundled with the USB stick installs a hidden directory under Windows. Files in the directory might be hidden from some antivirus scanners, potentially creating a hiding place for malware that virus authors could seek to exploit.
The tactic, a misguided attempt to protect fingerprint authentication from tampering and bypass, was uncovered by net security firm F-Secure. Three Sony MicroVault USB stick models with fingerprint readers contain the software. They are no longer in production but are available still for purchase.
According to Sony, the blame lies with code supplied by a third-party developer from China. An update to resolve the problem is scheduled for release in mid-September.
No comments:
Post a Comment