Pod Slurping To Threaten Security

Posted by: Olga Kharif on July 26, 2005

A new security threat is fast emerging; it’s called Pod slurping. What it is: A while back, Abe Usher, whose blog can be found here, wrote a program that allows an iPod digital music player to download more than 20,000 files an hour from any computer it’s connected to.

Usher’s goal was to demonstrate vulnerability of corporate security. He had demonstrated it with gusto, by running the program on his own computer. The program copied all of his PC’s document files onto his iPod in 65 seconds.

What this means: any connected consumer electronics device, such as an iPod, MP3 player, a digital camera or a cell phone could, potentially be used to steal sensitive corporate data.

This problem will only snowball as the iPod and other consumer devices get wireless connectivity capabilities, as they no doubt will. Then, downloading files from the corporate network will be even easier: You won't even have to plug anything into your Wi-Fi-enabled laptop. Your laptop and your iPod will simply exchange files wirelessly.

The danger lies not only in devices downloading information, but also in uploading it. An iPod could, potentially, infect a network with a virus.

So, what's the solution? Usher recommends that companies restrict the use of devices like the iPod, which can store loads of information, within their companies. It's also a measure that consultancy Gartner recommends in a recent report.

Companies also need to store their files on protected corporate networks vs. individual computers, so unauthorized intruders wouldn't be able to access them. Encryption helps, too.

Or, check out some special software from SmartLine Inc., which locks access to USB and FireWire ports, used to connect portable consumer electronics devices to a computer. The software also restricts which users can access a company's Wi-Fi and Bluetooth wireless connections.

It's unclear how much of a threat iPod slurping really is today. I haven't found any information on companies that actually suffered due to iPod slurping; of course, they aren't likely to tell the world of security breaches they'd suffered, either.

Still, as consumer electronics gains wireless capabilities, I can see how iPod slurping could become a major problem.

TrackBack URL for this entry: http://blogs.businessweek.com/mt/mt-tb.cgi/

Reader Comments

michael parekh

July 27, 2005 06:29 PM

Does it never end? The wanton evil our devices our capable of?

Pod surfing...I like the phrase...thanks!
:)

Ken Westin

November 11, 2005 02:18 AM

But, it does not have to be a matter of banning them on the corporate network, that is just not possible as many of the devices are critical to business. There are products like DeviceWall (www.devicewall.com) which allow an admin to control what devices are allowed on various systems, it even provides the ability to provide it for a short period of time and even audits what is downloaded to the devices.

Andrew

February 19, 2006 09:45 AM

There are several products on the market that can control access to such devices. Products like DeviceLock (www.devicelock.com) and securewave are able to selectively block device. They support white listing of USB devices. DeviceLock even can't be disabled by users with local admin privileges.

Howerver, there are also very weak products in this category. For example DeviceWall which cost much more than DeviceLock but doesn't provide any security at all. DeviceWall can be easily disabled by experienced users and doesn't support white list. The review of device control solutions is available at: http://www.securitybyte.com/articles/device_control_solutions.ehtml

Matt Fisher

March 21, 2006 11:55 AM

Re the above post - you would expect the UK reseller of DeviceLock to say that, wouldn't you?

The criticism of DeviceWall is completely out of date and shows that the poster simply does not keep up with the market.

http://www.itweek.co.uk/itweek/news/2152050/usb-device-controls-smarten

Matthew

October 31, 2006 03:49 AM

GFI has recently released a new whitepaper which discusses the problem with uncontrolled use of iPods, USB sticks and flash drives on companies’ networks. It is entitled “Pod slurping: an easy technique of stealing data”, accesss to this whitepaper is free, and furthermore requires no registration. The whitepaper is found at http://www.gfi.com/whitepapers/pod-slurping-an-easy-technique-for-stealing-data.pdf

Post a comment

 

About

BusinessWeek writers Peter Burrows, Cliff Edwards, Olga Kharif, Aaron Ricadela, Douglas MacMillan, and Spencer Ante dig behind the headlines to analyze what’s really happening throughout the world of technology. One of the first mainstream media tech blogs, Tech Beat covers everything from tech bellwethers like Apple, Google, and Intel and emerging new leaders such as Facebook to new technologies, trends, and controversies.

Categories

 

BW Mall - Sponsored Links

Buy a link now!