Apple's iPod a useful tool for criminals

Jul 03, 2005

By K.I. MARSHALL WASHINGTON, July 1 (UPI) -- Apple's iPod and other portable digital media devices have become as useful to criminals as they are to the general public, computer-security experts have discovered.

"Similar to the way the personal computer became common in the home in the '80s and '90s, the iPod is becoming common today," Dr. Marcus Rogers, a cybercrime expert at Purdue University's Center for Education and Research in Information and Security, in West Lafayette, Ind., wrote in a recent report, "iPod Forensics."

This growing popularity, Rogers continued, "has allowed a criminal element to find 'alternative' uses for a seemingly harmless device, and the Apple iPod is finding its way into the criminal's bag of tricks."

The most apparent of these uses is corporate or personal information theft -- although the threat of information theft has existed since the advent of removal media such as the floppy disk.

"This is nothing new," Winn Schwartau, founder of Interpact Inc.,, in Seminole, Fla.,, an information-security services company."If you go back 15 years the threat was floppies, then it was CDs, then Dipstick," Schwartau told United Press International."The premise is identical, the opportunity is the same, and the crime is the same."

Interpact offers programs designed to educate corporate employees on proper security behavior, including use of removable storage.

The iPod's large capacity and ability to connect easily to a computer and transfer data rapidly via a Universal Serial Bus -- known commonly as a USB -- or FireWire port make it potentially more useful in information theft, said Abe Usher, founder of Sharp Ideas, an IT consulting firm in Centreville, Va.

"The iPod has wide adoption, is overlooked by security, and has large storage space," Usher told UPI in an e-mail."CDs and floppy disks are not 'as dangerous' because they lack the space that an iPod has, and carrying a stack of CD-ROMs around is more conspicuous than carrying an iPod."

Usher recently sought to demonstrate the iPod's potential for corporate information theft by writing a program for the device that automatically copies all the documents from a computer as soon as the device is connected.Usher said he was able to copy all of the documents in his computer in 65 seconds.Last year, Gartner Inc.,, in Stamford, Conn.,, a technology-research firm, released "How to Tackle the Threat from Portable Storage Devices," a report that recognized the removable-digital-device threat to corporate security and suggested steps companies could take to reduce their vulnerability, including restricting or prohibiting portable media devices.

Most companies do not take the necessary precautions to limit access of portable devices to their computers.In a recent poll conducted by Centennial Software, a software security company in Swindon, United Kingdom, 87 percent of companies polled reported they had taken no steps to prevent unauthorized use of removable media devices in the workplace.Also, 51 percent of respondents said they were aware of the security threat from those devices.

"What we are looking at is 25 years of corporate apathy," Schwartau said."We have too many executives in too many companies who think that it will never happen to them and that it is too expensive."

One possible way of limiting access to iPods and other devices that use USB ports is to disable them.The problem is most new computing peripheral devices, such as printers, scanners, keyboards and mice, use USBs and could not function without them.Another option is to employ software that limits specific uses for USB ports.Several such products allow network administrators to restrict access to CD drives, floppy drives, wireless connections and USBs.

All portable digital media devices must be plugged in physically to a computer and Schwartau noted the human element of information theft is overlooked in the rush to blame technology.

"This is a people problem rather than a technology problem," he said."What people require is education.If you look at Secret Service Records, they say that 80 percent of cybercrime cases involve an internal element, whether intentional or unintentional."

Schwartau said that as soon as employees are educated about proper security procedures, companies can differentiate between intentional and unintentional security breaches and focus their efforts on malicious attackers.

Along with their use in information theft, iPods and other portable media devices can be used to spread viruses or child pornography, or maintain records for criminal organizations, Rogers said.Despite the dangers, the technology has a useful potential in criminal investigations, but only if investigators know what to look for.

"The technology is neutral," Rogers told UPI in an e-mail."Investigators and information security professionals need to be aware of the devices and their capabilities.Most investigators know to look for CDs and floppies, but not to search music devices."

Rogers said whenever a device is recognized, it can become a wealth of information for investigators."The ability to trace the device not only to a system, but to an account and user on that system is a big plus for investigators," he said.

Copyright 2005 by United Press International

Explore further: US official: Auto safety agency under review

add to favorites email to friend print save as pdf

Related Stories

Review: Apple Pay in action

Oct 21, 2014

If there ever comes a day I can ditch my wallet and use my phone to pay for everything, I'll look back to my first purchase through Apple Pay: a Big Mac and medium fries for $5.44. That wallet-free day won't ...

Samsung phones cleared for US government use

Oct 21, 2014

Samsung Electronics Co. said Tuesday some of its Galaxy mobile devices were approved by the National Security Agency for use with classified U.S. government networks and data, a boost to the company's efforts to expand in ...

Apple sees iCloud attacks; China hack reported

Oct 21, 2014

Apple said Tuesday its iCloud server has been the target of "intermittent" attacks, hours after a security blog said Chinese authorities had been trying to hack into the system.

Recommended for you

US official: Auto safety agency under review

1 hour ago

Transportation officials are reviewing the "safety culture" of the U.S. agency that oversees auto recalls, a senior Obama administration official said Friday. The National Highway Traffic Safety Administration has been criticized ...

Out-of-patience investors sell off Amazon

1 hour ago

Amazon has long acted like an ideal customer on its own website: a freewheeling big spender with no worries about balancing a checkbook. Investors confident in founder and CEO Jeff Bezos' invest-and-expand ...

Ebola.com domain sold for big payout

1 hour ago

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Hacker gets prison for cyberattack stealing $9.4M

5 hours ago

An Estonian man who pleaded guilty to orchestrating a 2008 cyberattack on a credit card processing company that enabled hackers to steal $9.4 million has been sentenced to 11 years in prison by a federal judge in Atlanta.

Magic Leap moves beyond older lines of VR

6 hours ago

Two messages from Magic Leap: Most of us know that a world with dragons and unicorns, elves and fairies is just a better world. The other message: Technology can be mindboggingly awesome. When the two ...

User comments : 0