Sony faces another security controversy

Two security vendors highlight dangers of Sony's USB memory sticks

Sony USB sticks install root kits

USB memory sticks sold by Sony are leaving users' PCs more vulnerable to hacking attacks, according to security vendors.

Sony's MicroVault USB memory stick and fingerprint reader includes software that creates a hidden directory on a hard drive, researchers from supplier F-Secure have reported.

Software that hides itself in this way, known as a root kit, could also conceal malware from any security software running on the PC.

In 2005, Sony used root kit technology to bury digital rights management software from users who were playing CDs on PCs.

Researchers with security specialist McAfee said they had confirmed the vulnerability described by F-Secure.

'The apparent intent was to cloak sensitive files related to the fingerprint verification feature included on the USB drives,' said a McAfee spokesman.

'The application could be used to hide arbitrary software, including malicious software.'

Sony has not yet responded to the accusations.