Remote devices could be providing a larger security risk than companies realise

News by Dan Raywood

Companies may be unwittingly allowing security problems due to MP3 players being connected at work.

Companies may be unwittingly allowing security problems due to MP3 players being connected at work.


Tim Farrell, CEO of Futuresoft, claimed that as a typical iPod classic can hold 30,000 songs, and one song is generally equal to 20 credit card magnetic strips, it allows the ability to steal, hold and download data easily. By simply plugging an iPod in a machine you could have the ability to store 600,000 credit cards.


Farrell said: “Companies are not protecting themselves at all, I know of very few who do anything to protect themselves and their customer data. This is turning into something that a company needs to change. The iPod can copy magnetic strips and that is all you need for someone's credit card details, you can simply walk in and take it.


“What's more, the iPod Touch has WiFi, and can sniff the environment and with Apple tools someone can take the details quite freely, and you wouldn't know anything about it.


“Whenever data is stored it has got to be locked down and made available to be transferred whenever you need it to be stored on a remote device.


“An iPod Classic will cost around $250 and if you managed to copy the data of 600,000 credit cards, which you could then sell on for around $1.50 for each on the black market, this would make a nice return on your money. I really think there is a need for people to realise that this can be dangerous and the customer needs to be aware that the threat is there and is real, and if a company gives up its details it is not hard to take it elsewhere.”


Kevin Gillis, VP of product management at Ipswitch, claimed that the biggest task for R.I.M. (the BlackBerry developer) and Apple is to strike a balance between ease of use, security and utility - the features and applications/solutions that run on the devices.


Gillis said: “A real threat is the inherent mobility of the devices and the massive amount of data stored on them. The mobile devices can come with as much built-in storage memory as can be found on an enterprise class server - 8GB+.  The more that can be stored locally, the more risk it presents.


“A possible way that vendors can mitigate this risk is by stepping up security on devices by providing capabilities like encrypted storage or ‘kill' features that can perform remote data erasure in case of a stolen device.”


He also claimed that R.I.M. and Apple will be continuously pressured by consumers and companies to open up the OS and the architecture, so that more powerful and interesting applications can be run on them. The problem here is that the more you open up the architecture and the OS, the more you have to worry about security.


“A second major risk stems from the popularity and explosive growth that has been realised in recent years. It is near impossible to protect every user in such a massive, rapidly growing, installed base, as less experienced users, unaware of best practices, expose themselves to security vulnerabilities and data breaches.


“Downloading malicious code, malware or running un-trusted Internet based applications can harm, not just the device and the data on it, but can also compromise a company's core network”, said Gillis.


Jean-Paul Ballerini, internet security systems expert at IBM X-Force, said: “A USB drive can be 16 or 32 GB so you offer room for data and it is easy to move and carry, so it is a delicate area. Many people are aware of the dangers that it can cause, but the data is there and almost anything can go on a USB and you can steal a server because they are virtual, so who is going to stop you?”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews