A security flaw in Sony's range of USB memory sticks
could leave PCs vulnerable to hackers.
The vulnerability, found by security firm F-secure, is present
in three models of Sony's MicroVault USB sticks, which come with
fingerprint readers.
The Sony MicroVault USM-F fingerprint reader software that comes
with the USB stick installs a driver that creates a hidden
directory under "c:\windows\."
Researchers at F-secure said that a hacker could enter the
hidden directory using the Command Prompt and create new hidden
files. There were also ways to run files from this directory. Files
in this directory are also hidden from some antivirus scanners (as
with the
Sony BMG DRM case) - depending on the techniques employed by
the antivirus software.
"It is therefore technically possible for malware to use the
hidden directory as a hiding place," said a posting on the
F-secure blog.
Although the Sony said the models have now been discontinued,
they are still available to purchase and in use.
A Sony spokesperson said: "While relatively small numbers of
these models were sold, we are taking the matter seriously and
conducting an internal investigation. No customers have reported
problems related to situation to date."