Pod Slurping
Monday, December 14, 2009 2:06
Pod slurping is a generic term that refers to a technique where someone uses an MP3 player, such as an iPod, to steal sensitive information from a company. In addition to MP3 players, thieves can also use other devices such as flash drives, digital cameras, mobile phones, PDA’s, or other plug-and-play devices that have storage capabilities. Basically, any portable storage device can be used to steal or slurp sensitive information. Special software on the thief’s device can automatically search the computer it is connected to for any sensitive information and then download or “slurp” the information to the device. This type of software can easily be downloaded from the internet. Back in 2004, security expert Abe Usher developed a program called “slurp.exe” that he used on his iPod to demonstrate how information could easily be “slurped” from a computer. In the demonstration, it took just over a minute to download all files from the computer.
Most of the devices that can be used in this type of attack are small and can be easily hidden when entering or leaving a business. Also, most are not really suspicious in nature, and most people would not think twice about someone having one of these devices. The difference in the thief’s device and in normal ones is the software application installed on the device. These devices can be connected to someone’s computer using a USB, Firewire, or even a Bluetooth connection. Most of these devices have the capability of holding gigabytes of information so they could easily download and store the majority of sensitive information from a businesses computer.
Slurping is automated and very simple for an attacker, usually an insider or someone who has access to the business, to steal important information from the business. All that is needed is the device, software, and the opportunity to connect the device to the computer.
You can find a short video on youtube on this subject which provides some good slides that describe pod slurping. The second part of the video is more of an advertisement for the company’s software which prevents pod slurping.
To protect against slurping attacks, endpoint security measures and policies must be put in place. Next week, I will discuss what is meant by endpoint security and how to implement it.
Related posts: