
June 22, 2005

Oh no, not an iPod! (redux)

Today's TechWeb News has an article about the dire threat that iPods pose to enterprise security. The latest round of handwringing was set off by Abe Usher's demonstration of a program that would copy all the document files on a hard drive into your iPod. Now, we've known that this was possible for years, and writing a program like this is incredibly trivial (it's a one-liner on UNIX). Usher's primary contribution appears to have been to give this attack a cool-sounding name: "pod slurping".

It's not clear why Usher decided to focus on the iPod, since the same attack is possible with USB memory sticks, which are now so small they can fit easily in your wallet. Anyway, as I observed the last time this came up, stopping people who have physical access to your machines from stealing your confidential information is basically impossible--unless you're willing to strip search them on the way in and out. And this has been true pretty much ever since the invention of compact removable media--even a 5.25" floppy can carry plenty of confidential stuff. The take-home is simple. If you don't trust people, don't let them near your computers, or any other confidential stuff for that matter.

Posted by ekr at June 22, 2005 7:55 PM

Comments

I'm not sure about Usher, but both Maynor and Dornseif used iPods because they can actively attack the system, and run attack code on the iPod.

You plug in the iPod, you get direct access to host RAM. You plug in a USB stick, at best, the mounter will execute some code in autorun.inf.

Posted by: Adam Shostack at June 23, 2005 8:11 AM