[ISN] Hackers Steal Sensitive Data using Digital Cameras

[InfoSec News]

http://www.it-observer.com/articles.php?id=966

By IT Observer Staff
6 December 2005 

Following a spate of reports about Bluetooth and iPods devices being
used to steal sensitive data from organizations, businesses are now
urging to be vigilant as hackers use digital cameras to sidestep
security measures.

"Camsnuffling", the latest IT managers headache being used to computer
attackers to extract and store data with the help of digital camera.  
The digital camera device, just like iPod and Bluetooth, is a simple
digital storage devices. Hence, simply plugging it into a computer's
USB can allow hackers to obtain sensitive data.

Ian Callens, Icomm Technologies, explains: "This is a very difficult
issue to manage and a real threat to business continuity and data
security. If someone is seen in the workplace using an iPod it's more
than likely that it's for the wrong reasons - either podslurping or
downloading music without permission. This is relatively easier to
police."

Many companies use digital cameras as part of their working day. This
fact makes it difficult at first glance to determine if cameras are
being used for work, or for hacking. In these businesses it's very
hard to enforce USB usage policies and not feasible to simply block
USB port.

"There are, however, steps that can be taken to reduce rogue
behaviour," said Callens. "Firstly, regularly change system passwords
that employ both letters and numerals. Secondly, issue internal memo's
to ask all to be vigilant, stating that observations are being
undertaken. Thirdly, consider adopting specific software to monitor
activity to actively manage the access rights to removable storage
devices. This should ensure that business productivity is not
affected, while actively guarding against the removal of data or the
introduction of inappropriate or malicious content to the network."