Friday, March 14, 2008

The Entertainment Virus

Enough to send shivers down the spine of any IT Security employee is news that viruses now come preinstalled (for your convenience) on portable music players like the iPod, as well as on GPS systems and possibly other portable devices.

Many employees treat lunch-time as a somewhat sadistic date with their computers - which means plugging various devices into their hapless desktop/notepad and torturing it with downloads of firmware upgrades and content, and syncing up mail/contacts etc.
Not an issue per se, of course, and in fact this may increase productivity by making employees feel more 'at home' and comfortable at their workplace - as long as the actions do not constitute a violation of corporate policies, needless to say.

However, the risk is that some of these devices - which you'd expect to be 'pristine' and 'untouched' - may have a nasty surprise in store for you (and for your IT team, which must clear up the gory mess).

http://ap.google.com/article/ALeqM5j5sV-97QAoIse_DNzmQ6bD6oKXJwD8VCQIK80

It appears that many of these problems originate in devices manufactured in - where else? - China, where a careless tester may be plugging these mini-computers into their stations for a final validation step, and inadvertently transferring the evil payload in the process.

Where this could be a REAL threat to a country's security is when this corruption happens DELIBERATELY, with malicious intent. So, imagine a defense dept official plugging in his/her child's iPod to their office laptop to download music or troubleshoot - and WHOOP - you got a password stealer installed stealthily. You can imagine the rest.

I've previously written on this blog about the risks of USB ports and CD/floppy drives on sensitive computers. Just glue them up if there's no need for them to be available. I'm not about to preach on the physical aspect of a company's security policy, but having steel doors is not enough. And for those who think AV solutions are the panacea for such problems, please note that some of these miserable little programs DISABLE the AV so no alarms are raised.

Be safe!
