Published:2007/09/07  Last Updated:2008/05/21

JVN#35677737
Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files

Overview

Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools.

Products Affected

  • Pocket Bit series:
    USM128F (discontinued model)
    USM512FL (discontinued model)
  • MicroVault series:
    USM64C (discontinued model)
    USM128C (discontinued model)
    USM256F (discontinued model)
    USM512FL (discontinued model)

Description

Some models of Sony Pocket Bit series contain Fingerprint Authentication Software. Fingerprint Authentication Software installs hidden folders and files, that is, the folders and files are not visible using ordinary system tools.

Impact

A remote attacker could use hidden folders for unintended purposes.

Solution

Sony provides the latest information on this problem on its website.
For more information, refer to the vendor's website.

Vendor Status

Vendor Status Last Update Vendor Notes
Sony Corporation Vulnerable 2007/10/30

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2007-000678

Update History