Pod Slurping and USB-based Information Theft in the Enterprise

Like the tridents of old clasped by mythical entities, the Universal Serial Bus (USB) "trident" icon spells power. This symbol is stamped, printed, or engraved on much of today's gadgetry. This ubiquity is proof of how the USB network is embraced as the standard connection of many digital devices. Huge amounts of information pass through its portals, rendering it yet another gateway for the ill-willed to exploit.

Insider IT Threats

Attacks via USB can affect any computer user. However, the most vulnerable to such attacks are enterprises, where anonymity is easier and the opportunity for financial gain is considerably higher. Compounding this is the fact that, in many enterprises, IT attacks originate inside the perimeter. IT professional Michael Thelander calls the insider threat the "Great Wall Syndrome." He cites a survey of Fortune 100 companies where insiders caused approximately 70 percent of reported security breaches. Thelander discusses how IT security focuses on perimeter defense, whereas the majority of security violations occur inside the enterprise itself.

Pod Slurping

The availability of numerous USB-capable devices that incorporate various complex features and massive storage space is wreaking havoc on the information security landscape. Able to store as much as 80 GB of data, the wildly popular iPod offers an alarming example of how a USB attack can be stealthily perpetrated.

In June of 2005, Abe Usher, founder of Sharp Ideas, LLC, developed a proof-of-concept called "Slurp.exe" to demonstrate how to easily and illicitly download large amounts of data from networked PCs to iPods. He called it "pod slurping" and blogged, "...in 2 minutes, it's possible to extract about 100 MB of Word, Excel, PDF files - basically anything which might contain business data...." To extract the data, the user plugs the storage device into a USB port and runs the executable "slurp" file. In January of 2006, Usher released "Slurp Audit," a second-generation proof-of-concept application designed to demonstrate the ease of corporate data theft with a multitude of readily available portable storage devices, including PDAs and USB sticks. The application, Usher explained on his Web site, was designed to generate awareness about the risks associated with unmanaged portable storage devices in the corporate community.
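The transfer rate Usher quotes gives defenders a concrete detection threshold. The following is an added example (not code from Usher, Slurp Audit, or any product) that flags a user whose Word, Excel or PDF writes to removable media reach about 100 MB within 2 minutes. The tab-separated event format, the removable drive letters, and the host and user names are assumptions constructed for the illustration, and events are assumed to arrive in time order.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed event format, constructed for this example (not a real product's log):
# ISO timestamp, host, user, destination path, size in bytes; tab-separated.
DOC_EXTS = (".doc", ".docx", ".xls", ".xlsx", ".pdf")  # Word, Excel, PDF
WINDOW = timedelta(minutes=2)        # "in 2 minutes" from the quote
THRESHOLD = 100 * 1024 * 1024        # "about 100 MB" from the quote
REMOVABLE = {"E:", "F:"}             # assumption: drive letters known to be removable

def detect_bulk_copy(lines, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, user) whose document writes to removable
    media reach `threshold` bytes inside a sliding `window`."""
    recent, totals, alerts = {}, {}, {}
    for line in lines:
        ts, host, user, dest, size = line.rstrip("\n").split("\t")
        ts, size = datetime.fromisoformat(ts), int(size)
        if dest[:2].upper() not in REMOVABLE or not dest.lower().endswith(DOC_EXTS):
            continue
        key = (host, user)
        q = recent.setdefault(key, deque())
        q.append((ts, size))
        totals[key] = totals.get(key, 0) + size
        while ts - q[0][0] > window:          # drop writes older than the window
            totals[key] -= q.popleft()[1]
        if totals[key] >= threshold and key not in alerts:
            alerts[key] = {"host": host, "user": user, "start": q[0][0],
                           "alerted_at": ts, "bytes": totals[key], "files": len(q)}
    return list(alerts.values())

def sample_events():
    """Constructed sample data: no real hosts, users or files."""
    t0, mb = datetime(2024, 1, 15, 12, 0, 0), 1024 * 1024
    rows = [(t0, "WS-031", "blee", r"C:\work\big.pdf", 500 * mb)]  # fixed disk: ignored
    for i in range(12):
        # 12 x 10 MB documents to a removable drive within 99 seconds
        rows.append((t0 + timedelta(seconds=9 * i), "WS-014", "jdoe",
                     rf"E:\out\report{i}.pdf", 10 * mb))
        # the same volume spread over an hour never fills one window
        rows.append((t0 + timedelta(minutes=5 * i), "WS-020", "asmith",
                     rf"F:\backup\sheet{i}.xlsx", 10 * mb))
    rows.sort()
    return ["\t".join([ts.isoformat(), h, u, d, str(s)]) for ts, h, u, d, s in rows]

if __name__ == "__main__":
    for alert in detect_bulk_copy(sample_events()):
        print(alert)
```

Only the burst by the constructed user `jdoe` raises an alert; the slow copy and the write to a fixed disk do not, which shows why the time window and the removable-media filter both matter for keeping false positives down.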

Pod slurping, or USB-based information theft, is not the only type of attack that USB removable media devices can enable. Because most USB-capable devices are hot-swappable, they can be plugged in again and again to different PCs, a situation highly favorable to the spread of malware. The QQPASS worm fiasco that infected 10,000 free McDonald's Japan MP3 players and the RavMonE.exe malware that shipped with iPod Video last year are examples of the potent role of USB-capable devices in malware propagation. USB also empowers an attacker to use guerrilla warfare, an ambush-and-flee tactic that renders information thievery and system sabotage virtually untraceable.

No USBs Allowed

Security experts and system administrators have long since realized the dangers that USB removable media devices can pose. Many companies to date are attempting to control USB usage, largely in the form of restrictions on possession of USB devices in the workplace. Such restrictions can be difficult to enforce, however, prompting the need for more efficient methods of preventing pod slurping. Microsoft Windows Vista, for example, includes advanced removable storage management settings to curb malicious use of such devices and to prevent data theft.

In spite of these precautionary measures and increased awareness, the perception remains that USB-based attacks (or any brute force hardware attack, for that matter) are less important than traditional IT security threats. The reality is that the impact of pod slurping or other USB attacks can be as damaging as malware attacks and should be taken just as seriously.
