Camsnuffling security threat
Following a spate of reports about iPods being used to steal sensitive business data, Birmingham based IT service and support provider, Icomm Technologies, is now urging businesses to be vigilant as ‘Camsnufflers’ use digital cameras to sidestep security measures.
‘Podslurping’, ‘Bluesnarfing’
‘Podslurping’, which refers to errant staff using iPods to download and store data from a PC, and ’Bluesnarfing’, which involves the use of bluetooth devices with the same result, has caused a security headache for many IT managers. Now, Icomm is flagging up ‘Camsnuffling’, as the latest method being used by hackers to extract and store data with the help of a digital camera.
Ian Callens, Icomm Sales Manager
A computer’s USB port can effectively allow the user to obtain reams of sensitive data
A digital camera, like an iPod and bluetooth devices, is essentially just another digital storage device. Therefore, simply plugging it into a computer’s USB port can effectively allow the user to obtain reams of sensitive data. With 80% of all malicious or accidental security breaches coming from within this is now a major area of concern for any business.
Due to its status as a common everyday appliance - one in five UK households now own one - a digital camera can be overlooked as a downloading tool for covert reasons. But the activity of using one as a repository of illicit information is becoming more and more prevalent and is now threatening to affect data security and business continuity of many firms.
However, many companies use digital cameras as part and parcel of their working day. This means it is difficult at first glance to determine if cameras are being used for work purposes, or indeed for ‘Camsnuffling’. In these businesses, it’s very hard to police and not feasible to simply ban USB port use as printers are USB applications. In effect, any restrictions would be unlikely to work.
A real threat to business continuity
Icomm Technologies, Ian Callens, explains: “This is a very difficult issue to manage and a real threat to business continuity and data security. If someone is seen in the workplace using an iPod it’s more than likely that it’s for the wrong reasons - either podslurping or downloading music without permission. This is relatively easier to police.
“However many businesses now use digital cameras and spotting illegitimate use is very hard. Digital cameras have all the storage functionality and concealabilty of an iPod. The big difference is there are more cameras in circulation. This adds to the threat.
“There are, however, steps that can be taken to reduce rogue behaviour. Firstly, regularly change system passwords that employ both letters and numerals. Secondly, issue internal memo’s to ask all to be vigilant, stating that observations are being undertaken. Thirdly, consider adopting specific software to monitor activity to actively manage the access rights to removable storage devices. This should ensure that business productivity is not effected, while actively guarding against the removal of data or the introduction of inappropriate or malicious content to the network.”
2006
