First published: 31st August 2007
F-Secure reports that the software supplied with the Sony MicroVault USM-F uses rootkit techniques to hide a directory from the operating system. This could allow malware to install and run itself undetected by some anti-virus software. The Microvalut USM-F is a flash USB drive with fingerprint reader.
From their analysis, F-Secure believes that the MicroVault software hides this folder to somehow protect the fingerprint authentication from tampering and bypass. It is obvious that, for secure authentication, user fingerprints cannot be in a world writable file on the disk, but the method used is open to exploitation by malware. F-Secure contacted Sony before going public with the case, but received no reply from them.