Share to: share facebook share twitter share wa share telegram print page

 

Pod slurping

Pod slurping is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data are held, and which may be on the inside of a firewall. The phrase "pod slurping" was introduced by Abe Usher. It pertains to a malicious program embedded in a USB storage device, which activates automatically upon being connected to a host.[1]

There has been some work in the development of fixes to the problem, including a number of third-party security products that allow companies to set security policies related to USB device use, and features within operating systems that allow IT administrators or users to disable the USB port altogether. Unix-based or Unix-like systems can easily prevent users from mounting storage devices, and Microsoft has released instructions for preventing users from installing USB mass storage devices on its operating systems.[2]

Additional measures include physical obstruction of the USB ports, with measures ranging from the simple filling of ports with epoxy resin to commercial solutions which deposit a lockable plug into the port.[3]

See also

References

  1. ^ Anderson, Brian; Anderson, Barbara (2010), "USB-Based Virus/Malicious Code Launch", Seven Deadliest USB Attacks, Elsevier, pp. 65–96, retrieved 2024-02-29
  2. ^ "How can I prevent users from connecting to a USB storage device". Microsoft. 2009-09-15. Retrieved 2010-01-20.
  3. ^ USB port locking and blocking device

The following external links act as an indirect mechanism of further learning on this topic (e.g., detailed descriptions, examples, and implementations).

Kembali kehalaman sebelumnya