? AMD Ascendant |
| The Amazon Guessing Game ?
July 26, 2005
Pod Slurping To Threaten Security
A new security threat is fast emerging; it's called Pod slurping. What it is: A while back, Abe Usher, whose blog can be found here, wrote a program that allows an iPod digital music player to download more than 20,000 files an hour from any computer it's connected to.
Usher's goal was to demonstrate vulnerability of corporate security. He had demonstrated it with gusto, by running the program on his own computer. The program copied all of his PC's document files onto his iPod in 65 seconds.
What this means: any connected consumer electronics device, such as an iPod, MP3 player, a digital camera or a cell phone could, potentially be used to steal sensitive corporate data.
This problem will only snowball as the iPod and other consumer devices get wireless connectivity capabilities, as they no doubt will. Then, downloading files from the corporate network will be even easier: You won't even have to plug anything into your Wi-Fi-enabled laptop. Your laptop and your iPod will simply exchange files wirelessly.
The danger lies not only in devices downloading information, but also in uploading it. An iPod could, potentially, infect a network with a virus.
So, what's the solution? Usher recommends that companies restrict the use of devices like the iPod, which can store loads of information, within their companies. It's also a measure that consultancy Gartner recommends in a recent report.
Companies also need to store their files on protected corporate networks vs. individual computers, so unauthorized intruders wouldn't be able to access them. Encryption helps, too.
Or, check out some special software from SmartLine Inc., which locks access to USB and FireWire ports, used to connect portable consumer electronics devices to a computer. The software also restricts which users can access a company's Wi-Fi and Bluetooth wireless connections.
It's unclear how much of a threat iPod slurping really is today. I haven't found any information on companies that actually suffered due to iPod slurping; of course, they aren't likely to tell the world of security breaches they'd suffered, either.
Still, as consumer electronics gains wireless capabilities, I can see how iPod slurping could become a major problem.
TrackBack URL for this entry:
Listed below are links to weblogs that reference Pod Slurping To Threaten Security:
? Pod-slurping: Help, there's storage everywhere! from Blogspotting
Data-slurping iPods pose security risks in the workplace, but the solution isn't to crack down on memory devices. [Read More]
Tracked on July 27, 2005 11:07 AM
? ON TV GUIDE'S NEW WORLD from *michael parekh on IT*
WE DON'T NEED NO STINKIN' GUIDES!* It's been a roller-coast week in the world of media and technology and it's only Wednesday! Don't know what I'm talking about? Well, let me show you the dots. 1. TV GUIDE PUNTS: This week TV Guide, a 52 year old Ameri... [Read More]
Tracked on July 27, 2005 06:21 PM
Does it never end? The wanton evil our devices our capable of?
Pod surfing...I like the phrase...thanks!
Posted by: michael parekh at July 27, 2005 06:29 PM
But, it does not have to be a matter of banning them on the corporate network, that is just not possible as many of the devices are critical to business. There are products like DeviceWall (www.devicewall.com) which allow an admin to control what devices are allowed on various systems, it even provides the ability to provide it for a short period of time and even audits what is downloaded to the devices.
Posted by: Ken Westin at November 11, 2005 02:18 AM
There are several products on the market that can control access to such devices. Products like DeviceLock (www.devicelock.com) and securewave are able to selectively block device. They support white listing of USB devices. DeviceLock even can't be disabled by users with local admin privileges.
Howerver, there are also very weak products in this category. For example DeviceWall which cost much more than DeviceLock but doesn't provide any security at all. DeviceWall can be easily disabled by experienced users and doesn't support white list. The review of device control solutions is available at: http://www.securitybyte.com/articles/device_control_solutions.ehtml
Posted by: Andrew at February 19, 2006 09:45 AM
Re the above post - you would expect the UK reseller of DeviceLock to say that, wouldn't you?
The criticism of DeviceWall is completely out of date and shows that the poster simply does not keep up with the market.
Posted by: Matt Fisher at March 21, 2006 11:55 AM
GFI has recently released a new whitepaper which discusses the problem with uncontrolled use of iPods, USB sticks and flash drives on companies’ networks. It is entitled “Pod slurping: an easy technique of stealing data”, accesss to this whitepaper is free, and furthermore requires no registration. The whitepaper is found at http://www.gfi.com/whitepapers/pod-slurping-an-easy-technique-for-stealing-data.pdf
Posted by: Matthew at October 31, 2006 03:49 AM