Pod slurping
This article needs additional citations for verification. (February 2012) |
Pod slurping is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data are held, and which may be on the inside of a firewall. The phrase "pod slurping" was introduced by Abe Usher. It pertains to a malicious program embedded in a USB storage device, which activates automatically upon being connected to a host.[1]
There has been some work in the development of fixes to the problem, including a number of third-party security products that allow companies to set security policies related to USB device use, and features within operating systems that allow IT administrators or users to disable the USB port altogether. Unix-based or Unix-like systems can easily prevent users from mounting storage devices, and Microsoft has released instructions for preventing users from installing USB mass storage devices on its operating systems.[2]
Additional measures include physical obstruction of the USB ports, with measures ranging from the simple filling of ports with epoxy resin to commercial solutions which deposit a lockable plug into the port.[3]
See also
[edit]References
[edit]- ^ Anderson, Brian; Anderson, Barbara (2010), "USB-Based Virus/Malicious Code Launch", Seven Deadliest USB Attacks, Elsevier, pp. 65–96, retrieved 2024-02-29
- ^ "How can I prevent users from connecting to a USB storage device". Microsoft. 2009-09-15. Retrieved 2010-01-20.
- ^ USB port locking and blocking device
External links
[edit]The following external links act as an indirect mechanism of further learning on this topic (e.g., detailed descriptions, examples, and implementations).
- How To: Simple Podslurping Script
- Podslurping and Bluesnarfing – The latest IT threats
- Summary of Podslurping
- Podslurping and related risks
- Pod Slurping - an easy technique for stealing data (PDF file)
- Pod Slurping or Podslurping
- Early description of pod slurping activity
- Pod Slurping example and presentation