July 07, 2004
iPods & Flash Drives Are Probably Worse Risks Than Camera Phones
...At least in my opinion. Many camera phones on the street still take fuzzy low-res photos (although that's a-changing too, with more megapixels coming all the time). This isn't saying that they can't be used to compromise sensitive information, record movies, violate privacies, etc. Of course they can.
However, while the mainstream is busy banning camera phones like it's the latest fashion craze, innocent-looking camera-less devices (and their owners) can easily be making off with a LOT more information. Compact, high capacity, and high speed USB and Firewire devices connect nearly instantly, without security measures or additional drivers, and can receive or transmit a lot of information in a very short time. Consider iPods, portable hard drives, tiny flash drives, flash card readers, and more. Why steal a desktop or laptop PC when you can make a copy of its potentially more valuable data in a fashion that's quick and nearly undetectable? On the flip side, they could be used as entry points for distributing malware into various networks.
The allure of these tiny, light, ultraportable, hot-swapping, plug 'n' play marvels (which Windows instantly mounts) is incredible. After all those years of suffering through torturous legacy hardware incompatibilities, popping off PC cases, and incurring the lifetime scars from sharp innards, we've finally arrived into hot swap Nirvana.
Apparently, Gartner thinks so too, as the The Register reports these devices are the latest security risks. Don't get me wrong, as I'd rather part with a thousand blurry (and thus mostly useless) camera phones before giving up my High-speed USB drives. They're that convenient and they just plain work (like doing a full Ghost dump of my laptop's drive in 12 minutes under full compression, and restoring it in under 5). Quite a long while ago, I read an online news article about folks walking into computer stores with hard drive music players and using them to download and pirate Mac software right off the sales floor PC's (it was probably on Wired News or The Register). Back then I wondered how long it'd be until these devices would be banned in commercial places.
So once again, the mainstream feels good in banning cell phones all over the place to feel secure. In my mind, why capture bad video when you can get perfect copies of the source? Doh! It's not like these things haven't been around longer than camera phones. Just something to think about if you routinely leave your PC unattended and unwatched during meetings, lunch, etc. Even if you tie it down with a Kensington cable, make sure you lock it via Ctrl-Alt-Del. With new tiny flash drives being endowed with 32-bit processors and server capabilities, I truly feel it's only a matter of time until someone comes up with an even slicker way to suck your secrets while you're standing in the express check-out lane during lunch.
Of course, all of this discussion begs the question of why chance getting caught in the physical act at the scene of the crime? What the news story really should have mentioned is that even USB (Ultra Speed Burglary) and laptop lifting is passť today when you think of the chic-ness and thrill of doing it wirelessly through all of the many grossly insecure consumer-configured Wi-Fi networks and personal firewall-less notebooks. Somehow it gives new meaning in a Wi-Fied McDonalds when they ask if you want it "to go".