F-secure finds potential security flaw in Sony memory stick software

August 29, 2007 – Security firm F-secure has reported that it has discovered a potential security flaw in software bundled with certain Sony memory sticks, which could leave PCs vulnerable to hacker attacks.

The potential weak spot, which has also been investigated by Mcafee, is related to techniques used by the software bundled with Sony MicroVault USB sticks to cloak sensitive files.  “The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives,” researchers at Mcafee have said.  “However, in this case the authors apparently did not keep the security implications in mind.”

The software creates a hidden directory on a computer’s hard drive, according to the researchers at F-secure, which could allow a hacker to infect the computer.  Any files stored on the hidden directory would be invisible not only to the user, but also to some virus scanners and security software.

F-secure noted that the products affected “appear to be an older product and may no longer be manufactured,” although they are still available for sale on many websites.

F-secure stated on a blog post that they have alerted Sony to the potential problem: “We, of course, contacted Sony before we decided to go public with the case.  However, this time, we received no reply from them.”