A USB fingerprint authentication device from Sony contains rootkit-like technology, according to security watchers. The MicroVault USM-F fingerprint reader software bundled with the stick installs a hidden directory under Windows.

"Files in this directory are also hidden from some antivirus scanners (as with the Sony BMG DRM case) — depending on the techniques employed by the anti-virus software. It is therefore technically possible for malware to use the hidden directory as a hiding place," warns anti-virus firm F-Secure.

Sony, which drew fire for its use of similar rootkit-like techniques as copy protection mechanism on CDs two years ago, is yet to respond to the latest criticism.

Back in 2005 Sony BMG endured a public-relations and legal nightmare after it emerged digital rights management (DRM) software installed on some of its music CDs (First4Internet XCP program) created a handy means for hackers to hide malware from anti-virus scanning programs. Under pressure, Sony has been forced to recall discs loaded with the technology and create an exchange program for consumers. The music label still faces class action lawsuits by users who allege that their PCs have been damaged by the technology. ®

Related stories

• Sears sued for website that leaked customer purchases (7 January 2008)
• Nato secrets USB stick lost in Swedish library (4 January 2008)
• Sony to exorcise 'rootkit' from USB drives (4 September 2007)
• BioShockers delivered from DRM hell (24 August 2007)
• Sony BMG sues DRM developer (16 July 2007)
• Stealth techniques push malware under the radar (3 October 2006)
• Homeland security urges DRM rootkit ban (17 February 2006)
• Consumer group calls for anti-DRM laws (18 January 2006)
• Updated Gaffer tape defeats Sony DRM rootkit (21 November 2005)
• Sony DRM uninstaller 'worse than rootkit' (17 November 2005)
• First Trojan using Sony DRM spotted (10 November 2005)