iPods are the latest security risk

Thumbs down from Gartner

  • alert
  • submit to reddit

Apple's trendy iPod players could be a serious security risk, Gartner claims. The analyst firm says the devices could be used to sneak out valuable corporate information or introduce computer viruses into corporate environments.

Gartner expresses similar concerns about portable FireWire hard drives, such as those from LaCie or Toshiba, and USB hard drives or keychain drives, digital cameras with smart media cards, memory sticks (we've been there already), compact flash and other memory media.

In a research note, Gartner analyst Ruggero Contu writes: "The use of unauthorised portable storage devices poses many dangers, not least for the malicious code that they can introduce. High data capacity and transfer rates, and broad platform support mean that a Universal Serial Bus (USB) or FireWire (IEEE 1394) device has the capacity to quickly download much valuable corporate information, which can be easily leaked to the outside world.

"This underlying vulnerability has existed since the release of Microsoft Windows 2000, the first widely deployed operating system able to mount a USB storage device automatically," he adds.

Firms should think about disabling universal plug and play functions after installing desired drivers, to restrict their use to authorised devices, Gartner advises. Host-based intrusion prevention software can be used to control the use of USB ports, and we can expect this function to feature prominently in sales pitches from SecureWave, PrevX, Cisco and the like over coming months. ®

Related stories

Dirty rotten inducers - the law the IT world deserves? [criminalizing the iPod]
Memory sticks are the latest security risk
UK reseller unveils 'video iPod'


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.