Skip to comments.iPods can be tools of espionage
Posted on 04/25/2005 10:38:45 PM PDT by ambrose
iPods can be tools of espionage
APRIL 26, 2005
STOLEN laptops and lost PDAs embarrass governments and businesses. Paris Hilton's smartphone outed her contacts. But the new corporate security risk might be a seemingly innocent iPod.
With gigabyte data capacities, they are the potential weak links in small-to-medium enterprises (SME) and corporate networks that are otherwise secured at significant effort and expense.
Oscar Moren, Australian managing director of Pointsec Mobile Technologies, which specialises in encryption for all the main PC and mobile platforms and storage media, says Australian companies are only starting to understand how dangerous removable media can be.
"Mobile devices so powerful they commonly have 2GB of storage and are a security risk because they can store so much sensitive information," he says.
It is inevitable that legislation such as Sarbanes-Oxley and Australia's Privacy Act could apply to information lost by use of these devices.
A significant problem is the ownership of the devices, usually worker's private property, but that may have to change, Moren says.
"If you are going to allow your staff to access the network it has to be through a device owned by the company," he says.
"To be able to roll-out these devices on a large scale and have them under control you should standardise on a few different devices and you should hand them out to ensure you have control and can provide support."
As if to drive home the point, Pointsec earlier this year bought hard drives and computers from eBay Australia with supposedly erased hard disks.
But "we could read information on 12 out of 14 devices including information from one really large financial organisation with the current door access codes, security pass lists and employee details," Moren says.
Asked why Australian businesses sought mobile security from his firm, Moren says some were reacting to an event, others were taking preventive measures.
"When our business case is accepted really fast, we know there's been an incident, but corporates don't talk about it," he says.
Pointsec secures laptops, PDAs and smartphones "within Australian government agencies" and he expects approval to supply Defence Signals Directorate this June.
Pointsec recently encrypted 11,000 PDAs for the US Army.
Taking a slightly different approach to laptop security, IBM recently released laptops with biometric fingerprint access, data encryption and embedded traceability tools.
Greg Hunt, IBM's local ThinkPad brand manager, says IBM used Absolute Software's Computrace in the BIOS firmware, with a $1000 recovery guarantee.
A thief who goes online with the stolen laptop can be traced, even if they have tried to cover their tracks by replacing the hard disk.
The missing data on IBM's new laptops would be secured by a 2048-bit cryptographic chip on the motherboard.
"The threat is increasing so customers want to talk about securing mobile devices," he says.
While companies may set policies on encrypting information, removable media makes it easy to move data.
Some CIOs reacted by limiting hardware, banning removable media devices and eliminating DVD/CD burners, Hunts says.
IBM's other deterrent to mobile theft is a fingerprint scanner that identifies authorised users at login and at websites, Hunt says.
It can save on support costs, as 30 per cent of helpdesk calls are requests to reset forgotten passwords, he says.
Omron of Japan is taking mobile security a step further.
Its OKAO Vision Face Recognition Sensor for camera equipped mobile devices takes one second to recognise the owner and unlock, so personal information including address books, schedules and payment information are secured if the phone is lost.
The technology can be used on mobile equipment with a built-in camera, Omrom says.
Cool. We ought to establish a national biometric database, for everything from voting rights to daily commerce. Far from being an oppressive tyranny, it would be a boon to personal freedom.
Let's start with a Breathalyzer system at Ted Kennedy's Senate office door...Schizophrenia detector at John Kerry's door...Nothing Original Here detector at Joe "The Hairplugged Plagiarist" Biden's door...Hypocrisy detector at Dirty Harry Reid's door...Idiot Pit Bull at Barbara Boxer's door...and a White House Silverware metal detector at Hillary's door....
And maybe Hanes Inspector #9 should frisk Sandy Berger's underwear whenever he LEAVES a building....
If you lose one, you should be able to send a self destruct signal ala Mission Impossible.
With key drives at 2GB and iPods at up to 60GB, how much data can be stolen by a disgruntled employee without a trace? Dell and Gateway better stop including USB ports on their desktops.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.