Sony confirms memory stick flaw

A security flaw in Sony's range of USB memory sticks could leave PCs vulnerable to hackers.

A security flaw in Sony's range of USB memory sticks could leave PCs vulnerable to hackers.

The vulnerability, found by security firm F-secure, is present in three models of Sony's MicroVault USB sticks, which come with fingerprint readers.

The Sony MicroVault USM-F fingerprint reader software that comes with the USB stick installs a driver that creates a hidden directory under "c:\windows\."

Researchers at F-secure said that a hacker could enter the hidden directory using the Command Prompt and create new hidden files. There were also ways to run files from this directory. Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) - depending on the techniques employed by the antivirus software.

"It is therefore technically possible for malware to use the hidden directory as a hiding place," said a posting on the F-secure blog.

Although the Sony said the models have now been discontinued, they are still available to purchase and in use.

A Sony spokesperson said: "While relatively small numbers of these models were sold, we are taking the matter seriously and conducting an internal investigation. No customers have reported problems related to situation to date."



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Business applications



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...