Pod slurping threat to company data

Share this article:

A security researcher has warned how easy it is to copy vast amounts of confidential files using an iPod, a small copying program and some social engineering.

It means that an intruder with physical access to an office could connect their iPod to several workstations and could acquire 20,000 computer files in under an hour. The researcher dubs the technique "Pod slurping".

"I wrote a quick python application (called slurp) to help automate the file copy process," said Abe Usher at Centreville, VA-based security consultancy Sharp Ideas. "Slurp searches for the "C:\Documents and Settings\" directory on local hard drives, recurses through all of the subdirectories, and copies all document files."

He said he conducted experiments to test the viability of the program and it took 65 seconds to copy all document files from his computer as a logged-in user using Slurp and an iPod. Even without user details, it didn't take much longer to copy files.

"Without a username and password I was able to use a boot CD-ROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes 15 seconds," Usher added.

Once the files are downloaded from their iPod onto a computer, the intruder can quickly scan through the files using a desktop search tool looking for confidential data.

He urged companies to restrict removable storage devices in the workplace and enforce strong physical security that prevents intruders from gaining access to information systems. He also said it was important to keep corporate data encrypted and on protected network shares rather than individual desktops.

Other experts warned that lax security policies could damage a company's reputation.

"Companies must wake up to the fact that allowing staff to use removable media devices in the workplace without adequate security and management can be a real security threat and this can impact massively on the integrity of the company and their business," said Martin Allen, MD of Pointsec UK.

www.sharp-ideas.net
www.pointsec.co.uk

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.