Risks of Portabale Memory Devices as a Security Threat Growing

No, “pod slurping” is not something that happens in a sci-fi movie (although that’s not a bad idea …); it’s the practice of using an iPod or other small, portable memory device to illicitly download corporate data.

Here are three things you need to know about this alarming new security threat, also called “bluesnarfing.”

1: It’s a growing risk. In two minutes, analysts say, it’s possible for an iPod to extract about 100 megabytes of Word or Excel data from a corporate network. Experts agree that as iPods, memory sticks, and digital cameras proliferate in the workplace, more employees are bluesnarfing critical information at an alarming rate. To prove the point, one security guru wrote a program that searched the corporate network for business-critical data, which he then downloaded to his music player – looking for all the world like any worker listening to tunes.

2: Smaller devices, bigger memory. No technology stands still; in the next few years, memory sticks, flash drives, iPods, and other devices are sure to get smaller, cheaper, and more powerful. Today’s memory sticks commonly hold 500 megabytes to 1 gigabyte of data. Two years from now, that capacity will be up to 10 gigabytes, experts predict – meaning a disgruntled worker could download a large company’s entire customer list in minutes. Indeed, most security analysts agree that before 2006 is over, we’ll see some large companies suffer massive data losses to bluesnarfing attacks.

3: Help is coming. Fully aware of the pod slurping risk, security firms are beginning to offer applications that address the problem. Thus far, these programs are limited in ability; they essentially demonstrate to security managers how easy it is for data to be downloaded. But a new generation of software will detect and, eventually, help prevent bluesnarfing. Nevertheless, businesses need to set in place policies on iPods and other memory devices and educate workers on the threats to information security and the important role they play in preventing them.

© National Security Institute, Inc. – Content excerpted from NSI’s SECURITYsense—a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html.





Around the Network