We recently learned that certain discontinued models of Sony’s fingerprint authentication MicroVault USB storage devices use software, provided by an outside vendor, which creates “cloaked” files on any computer on which the software is installed. Security experts advise that third parties could exploit this functionality to conceal harmful programs. We are working with the software vendor to issue as soon as possible a downloadable patch, which we expect to have available before the end of the month.
In addition to downloading the patch when it becomes available, customers have the option of immediately uninstalling the software. Information about the uninstallation method is provided below. Customers should also refrain from installing the existing software on any computer.
[Symptom and Cause]
- Certain discontinued models of Sony’s MicroVault USB storage devices with fingerprint readers use software that creates “cloaked” files on any computer on which the software is installed. Technically, third parties could exploit this functionality to conceal harmful programs. So far, we have not received any reports of attempts to exploit this.
- Some antivirus programs may detect, isolate, and quarantine the software associated with the fingerprint authentication MicroVault USB storage devices. This may impact the user’s ability to utilize the fingerprint authentication feature.
[Subject Products/Models]
Sony’s fingerprint authentication “MicroVault” USB storage devices
| ・ |
USM-64C |
(distributed in Asia/Pacific, Canada, and Latin America) |
| ・ |
USM-128C |
(distributed in Europe, Asia/Pacific, United States, Canada, and Latin America) |
| ・ |
USM-128F |
(distributed in Japan) |
| ・ |
USM-256F |
(distributed in Europe, Asia/Pacific, United States, and Canada) |
| ・ |
USM-512FL |
(distributed in Japan, Canada, Latin America, Europe, Asia/Pacific, and United States) |
[How to uninstall the software]
Once the software is uninstalled, customers will not be able to retrieve encrypted files until they reinstall the software in the future following distribution of our update. Therefore, it is recommended that customers decrypt all encrypted files on the device and on any computer and store such decrypted files on their computer and/or other removable recording media before uninstalling the software. Once the files are decrypted, consumers wishing to uninstall the software can do so. Please follow the recommended uninstall instructions.
http://www.sony.net/Products/Media/Microvault/files/USMFLC/
How_to_Uninstall_Fingerprint_Access_Software.pdf
Software for MicroVault USB storage devices other than the models listed above does not use the cloaking functionality.
Any customer who is unable to uninstall the software have any question on this matter, please contact the Sony Customer Information Center of each Country.
