The spokesperson said that the electronics manufacturer stopped shipments of the product earlier this month. The company phased out the product line because of "modest sales", however, rather than because of security concerns.
The company said that it is currently investigating the security issues. Pending the investigation, it is unable to say if it plans to issue a recall.
The three discontinued models are the USM-128C, USM-256F and USM-512FL, each of which comes equipped with an embedded fingerprint reader. Sony couldn't quantify the number of devices that have been distributed, but said that a "limited" number had been sold worldwide over the past few years.
A security vendor cautioned that malware writers could abuse a feature of the software that shipped with the device to hide malicious applications from the user and security software. The software, which is developed by Taiwan's FineArt Technology, operates in a way that resembles a rootkit.
In combination with the FineArt technology, the fingerprint reader controls access to the data stored on the device. The software stores information about authorised fingerprints in a way that is invisible to the end user as well as to some anti-virus software.
Although this helps in safeguarding the integrity of the fingerprint data, the folder could also provide a hiding place for viruses and other malware.
A different division of Sony got caught in a rootkit scandal two years ago. Record label Sony BMG at the time put rootkit technology on some of its music CDs in an effort to prevent illegal file sharing.
F-Secure, together with software developer Mark Russinovich, outed the label for using the technology. Sony initially denied that it posed any security concerns, but was proven wrong when malware started exploiting the rootkit functionality. The scandal led to a government investigation and several lawsuits, the majority of which have since been settled.
Sony halts production of rootkit USB sticks
By Tom Sanders on Sep 3, 2007 2:55PM