Pod slurping threat to company data
A security researcher has warned how easy it is to copy vast amounts of confidential files using an iPod, a small copying program and some social engineering.
It means that an intruder with physical access to an office could connect their iPod to several workstations and could acquire 20,000 computer files in under an hour. The researcher dubs the technique "Pod slurping".
"I wrote a quick python application (called slurp) to help automate the file copy process," said Abe Usher at Centreville, VA-based security consultancy Sharp Ideas. "Slurp searches for the "C:\Documents and Settings\" directory on local hard drives, recurses through all of the subdirectories, and copies all document files."
He said he conducted experiments to test the viability of the program and it took 65 seconds to copy all document files from his computer as a logged-in user using Slurp and an iPod. Even without user details, it didn't take much longer to copy files.
"Without a username and password I was able to use a boot CD-ROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes 15 seconds," Usher added.
Once the files are downloaded from their iPod onto a computer, the intruder can quickly scan through the files using a desktop search tool looking for confidential data.
He urged companies to restrict removable storage devices in the workplace and enforce strong physical security that prevents intruders from gaining access to information systems. He also said it was important to keep corporate data encrypted and on protected network shares rather than individual desktops.
Other experts warned that lax security policies could damage a company's reputation.
"Companies must wake up to the fact that allowing staff to use removable media devices in the workplace without adequate security and management can be a real security threat and this can impact massively on the integrity of the company and their business," said Martin Allen, MD of Pointsec UK.