A line of USB drives sold by Sony installs files in a hidden folder that can be accessed and used by hackers, a Finnish security company charged Monday, raising the specter of a replay of the fiasco that hit Sony's music arm two years ago when researchers discovered that its copy protection software used rootkit-like technologies.
According to F-Secure, the fingerprint-reader software included with the Sony MicroVault USM-F line of flash drives installs a driver that hides in a hidden directory under "c:\windows". That directory and the files within it are not visible through Windows' usual APIs, said F-Secure researcher Mika Tolvanen in a posting to the company's blog Monday.
"[but] if you know the name of the directory, it is possible to enter the hidden directory using [the] Command Prompt, and it is possible to create new hidden files," said Tolvanen. "There are also ways to run files from this directory."