[ISN] Hackers Steal Sensitive Data using Digital Cameras

From: InfoSec News (isn@private)
Date: Tue Dec 06 2005 - 22:17:33 PST


http://www.it-observer.com/articles.php?id=966

By IT Observer Staff
6 December 2005 

Following a spate of reports about Bluetooth and iPods devices being
used to steal sensitive data from organizations, businesses are now
urging to be vigilant as hackers use digital cameras to sidestep
security measures.

"Camsnuffling", the latest IT managers headache being used to computer
attackers to extract and store data with the help of digital camera.  
The digital camera device, just like iPod and Bluetooth, is a simple
digital storage devices. Hence, simply plugging it into a computer's
USB can allow hackers to obtain sensitive data.

Ian Callens, Icomm Technologies, explains: "This is a very difficult
issue to manage and a real threat to business continuity and data
security. If someone is seen in the workplace using an iPod it's more
than likely that it's for the wrong reasons - either podslurping or
downloading music without permission. This is relatively easier to
police."

Many companies use digital cameras as part of their working day. This
fact makes it difficult at first glance to determine if cameras are
being used for work, or for hacking. In these businesses it's very
hard to enforce USB usage policies and not feasible to simply block
USB port.

"There are, however, steps that can be taken to reduce rogue
behaviour," said Callens. "Firstly, regularly change system passwords
that employ both letters and numerals. Secondly, issue internal memo's
to ask all to be vigilant, stating that observations are being
undertaken. Thirdly, consider adopting specific software to monitor
activity to actively manage the access rights to removable storage
devices. This should ensure that business productivity is not
affected, while actively guarding against the removal of data or the
introduction of inappropriate or malicious content to the network."



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Tue Dec 06 2005 - 23:04:35 PST