Sony faces renewed security woes

Sony have been alerted to the flaw

Electronics giant Sony has again been accused of selling products that leave PCs vulnerable to attack by hackers.

Security firm F-secure have discovered a flaw in software packaged with memory sticks made by the Japanese firm.

The vulnerability is similar to one found on CDs sold by Sony BMG in 2005 that led to the discs being recalled and lawsuits against the company.

The software uses virus-like techniques to hide itself on PCs which could leave it open to infection, researchers say.

"The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives," said researchers at security firm Mcafee, who have also investigated the flaw.

"However, in this case the authors apparently did not keep the security implications in mind."

Going public

The latest vulnerability affects Sony's MicroVault USB sticks with fingerprint readers.

Software packaged with the memory sticks creates a hidden directory on a computer's hard drive according to researchers at F-secure.

The software, known as a "rootkit", could allow a hacker to infect a computer as any files stored on the hidden directory would not only invisible to the user, but also from some virus scanners and security software.

F-secure said they had alerted the electronics firm to the flaw.

"As with the Sony BMG case we, of course, contacted Sony before we decided to go public with the case. However, this time we received no reply from them," said a blog post by researchers at the firm

The firm also noted that the susceptible products "appear to be an older product and may no longer be manufactured." However many websites still sell the products.

Sony was not immediately available for comment.