February 15, 2006 10:29 AM PST

Beware the 'pod slurping' employee

A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft.

Abe Usher, a 10-year veteran of the security industry, created an application that runs on an iPod and can search corporate networks for files likely to contain business-critical data. At a rate of about 100MB every couple minutes, it can scan and download the files onto the portable storage units in a process dubbed "pod slurping."

To the naked eye, somebody doing this would look like any other employee listening to their iPod at their desk. Alternatively, the person stealing data need not even have access to a keyboard but can simply plug into a USB port on any active machine.

Usher denies that his creation is an irresponsible call to arms for malicious employees and would-be data thieves, and instead insists that his scare tactics are intended to stir companies into action to protect themselves against the threat.

"This is a growing area of concern, and there's not a lot of awareness about it," he said. "And yet in 2 minutes, it's possible to extract about 100MB of Word, Excel, PDF files--basically anything which might contain business data--and with a 60GB iPod, you could probably have every business document in a medium-size firm."

Andy Burton, CEO of device management firm Centennial Software, said Usher walks a fine line but believes that he is acting with the best intentions and agrees that companies that still haven't recognized the threat need to be given a wake-up call.

"Nobody wakes up in the morning worrying about antivirus or their firewall because we all know we need those things, and we all have them in place," Burton said. "Now the greatest threat is very much inside the organization, but I'm not sure there are that many businesses (that) have realized it's possible to plug in an iPod and just walk away with the whole business in a matter of minutes."

Usher said companies shouldn't expect any help from their operating system, the most popular of which lacks the granularity to manage this threat effectively without impairing other functions.

"(Microsoft Windows) Vista looks like it's going to include some capability for better managing USB devices, but with the time it's going to take to test it and roll it out, we're probably two years away from seeing a Microsoft operating system with the functionality built in," Usher said. "So companies have to ask themselves, 'Can we really wait two years?'"

Citing FBI figures that put the average cost of data theft at $350,000, Usher argues that they can't.

"The cost of being proactive is less than the cost of reacting to an incident," Usher said.

Will Sturgeon of Silicon.com reported from London.
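
The rate Usher quotes, about 100MB of Word, Excel and PDF files in 2 minutes, can be used as a detection threshold. The following is an added example, not part of the original article and not Usher's application: it scans file-write audit records for that burst pattern on removable storage. The record schema (`time`, `user`, `device`, `dest_type`, `path`, `size`), the function names and the sample events are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict, deque
from datetime import datetime, timedelta

MB = 1024 * 1024
WINDOW = timedelta(minutes=2)      # "in 2 minutes"
THRESHOLD = 100 * MB               # "about 100MB"
DOC_EXTENSIONS = {".doc", ".xls", ".pdf"}   # Word, Excel, PDF

def find_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (user, device) whose document writes to
    removable storage reach `threshold` bytes inside a sliding `window`."""
    recent = defaultdict(deque)    # (user, device) -> (time, size) pairs
    totals = defaultdict(int)      # running byte total of each deque
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ext = ntpath.splitext(ev["path"])[1].lower()
        if ev["dest_type"] != "removable" or ext not in DOC_EXTENSIONS:
            continue
        key = (ev["user"], ev["device"])
        q = recent[key]
        q.append((ev["time"], ev["size"]))
        totals[key] += ev["size"]
        while ev["time"] - q[0][0] > window:   # expire old writes
            totals[key] -= q.popleft()[1]
        if totals[key] >= threshold and key not in alerts:
            alerts[key] = {"user": key[0], "device": key[1],
                           "start": q[0][0], "end": ev["time"],
                           "bytes": totals[key], "files": len(q)}
    return list(alerts.values())

def sample_events():
    """Constructed audit records; the schema is hypothetical."""
    t0 = datetime(2006, 2, 15, 9, 0, 0)
    def ev(user, device, dest, path, size, offset):
        return {"time": t0 + offset, "user": user, "device": device,
                "dest_type": dest, "path": path, "size": size}
    events = []
    for i in range(30):
        # alice: 4MB document every 3 s to a USB volume (burst)
        events.append(ev("alice", "usb-1", "removable",
                         f"E:\\copy\\report_{i}.DOC", 4 * MB,
                         timedelta(seconds=3 * i)))
        # bob: same 120MB total, but one file every 2 minutes
        events.append(ev("bob", "usb-2", "removable",
                         f"F:\\work\\spec_{i}.pdf", 4 * MB,
                         timedelta(minutes=2 * i)))
        # dave: fast document writes, but to a fixed disk
        events.append(ev("dave", "disk-0", "fixed",
                         f"D:\\backup\\plan_{i}.xls", 4 * MB,
                         timedelta(seconds=i)))
    # carol: one large media file, not a document type
    events.append(ev("carol", "usb-3", "removable",
                     "G:\\music\\mix.mp3", 500 * MB, timedelta(seconds=5)))
    return events

if __name__ == "__main__":
    for alert in find_bursts(sample_events()):
        print(alert)
```

Only the first threshold crossing per user and device is reported, so a long copy produces one alert rather than one per file.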


61 comments

jumping on the "pod" bandwagon
i'm sorry, but this guy appears to be an also-ran tech security
guy who decided to jazz up his consulting business by creating
a sudden "fear" and of course used the ubiquitous "Pod" in
describing the problem in order to make it more newsworthy.

Big deal.

Any half-wit with a 512MB USB keychain drive can do the same
thing - grab 500 MB of corporate data, slip it in the pocket of
his (or her) jeans, and head out the door.

What companies should be concerned about is disgruntled and
malicious employees - NOT iPods.
Posted by (13 comments )
amen
And if your security is done right they shouldn't even be able to attach a device like that and have the drivers load.
Posted by Bob Brinkman (556 comments )
Yep
What's the difference between the dastardly iPod and the portable USB drive? None really. That same "program" could be set to run regardless of whether it is an iPod or some Windows peripheral.

Dumb.
Posted by R. U. Sirius (745 comments )
Seriously...
I doubt it's a coincidence that this site features a yellow background
in its design.
Posted by Michael Bird (14 comments )
let me get this straight
podcasting = ok
podslurping = not ok

i think i got it now.
;)
Posted by brian g--2008 (25 comments )
Yep.
Just like your mama told you, you shouldn't slurp. :)
Posted by nightveil (133 comments )
What the ?????
Who's the rocket scientist that thought the term 'pod slurping' was a good one? How about a new phrase, like 'pod surfing' or 'pod stealing' or 'pod sucking' or 'pod *******'. The people that use their ipods in that fashion could be called 'pod ******'.

I'm reminded of a movie that had a cool line in it, "Why ******* when you can jackin?"
Posted by thedreaming (573 comments )
USB devices don't steal data; people steal data?
.
Posted by Anon-Y-mous (124 comments )
Also...
This is slightly old news... People were actually going into Staples and/or Apple stores and dumping programs to their iPods. Essentially, when you install a program on a Macintosh, all the files for a particular program are stored in a single folder. So people were hooking into these machines with their firewire connections, getting a high transfer speed all the while, then simply walking nonchalantly out of the store! Free MacOffice anyone?
Posted by (6 comments )
Are you lying or just clueless?
It is not possible to install Mac software simply by copying it to
another computer. One must use the Installer, a proprietary
application, give administrative approval from the computer the
installation is done on, AND have the applicable registration
codes for commercial software.

I assume you think Microsoft Office for the Mac is called
MacOffice. It isn't. Microsoft products are perhaps the most
difficult to install on a Mac. They usually require the proof of
having purchased a previous version by having that version on
the computer being installed to or inserting its CD. Then one
enters one's current registration code and is issued a new one for
the new product. If any of the Microsoft specific validation
procedure fails, the installation stops.

What you are claiming happens, does not. The most a person
copying something from a computer at a store is going to get is
word processing files or music not purchased via iTMS. He may
copy apps, but they may not run since they have not been
installed correctly.

Most of this information would be known by the average Mac
user, so I am going to assume that you are among that
demographic.
Posted by J.G. (837 comments )
To an extent
It is true that when Office 2004 was released, a number of ipod
users found that they could walk into any apple store where
Office was installed on a computer and, under the guise of
shopping, managed to get away with free copies of office. All
you need to make Office 2004 for mac work on many computers
is a working serial number.
This is shown best in the way the install disc has you install the
app: you open the disc and the install instructions read, "Drag
the Microsoft Office 2004 to your hard drive to install all Office
components."
Once the Office folder is on your computer, it is never altered.
When you enter a valid serial number, the MS Office file in your
Library is changed to reflect your serial registration, but the
application folder is left entirely in its original form from the
disc, thus allowing the Office folder on a computer's hard drive
to be copied to other computers EXACTLY the way you would
install the suite from the disc.
This is the case with many, but not all, applications that are
available for OS X.
Posted by montgomeryburns (109 comments )
iPod vs. Guns
Sure... when a story runs about the iPod being used in a crime, typical News.com readers lash out and claim that the *person* is responsible for the crime, not the device.

Yet, when guns are involved, the typical News.com reader will suggest bans, registration, and mandatory disarmament.

Consider also... when a *criminal* hacks into a Windows machine, the typical News.com reader is quick to blame Microsoft, not the actual criminal who committed the crime.

Hypocritical? Absolutely.

Nevertheless... organizations with security concerns are free to ban guns, ipods, usb memory sticks and whatever other device they feel could be used in a crime.

In an organization I work for, ALL non company supplied storage devices are forbidden. All cameras - including camera phones - are forbidden. Outside or wireless data connections are forbidden. Wireless devices such as keyboards and mice are forbidden. Convenience never trumps security.

When it is a business dealing with these issues, they have every right to demonize the tool and regulate it within the workplace. When it is the government, the reaction must be legal and constitutional. There is a big difference.

The iPod is rightfully threatening to many organizations, and they have every right to ban them or regulate their usage in the workplace.
Posted by David Arbogast (1709 comments )
Uh...
Need I point out to you the glaring difference between data
theft and murder?
Posted by Michael Bird (14 comments )
Ban all three
If there were no guns, ipods or people then the world would be a safer place - so let's ban all three.

Alternatively the next time you see someone carrying an ipod, shoot them.
Posted by ajbright (447 comments )
Am I missing something?
According to the article "the person stealing data need not even have access to a keyboard but can simply plug into a USB port on any active machine."

Does this mean that it is possible to execute the program from the iPod interface?
If you can't execute it from within the ipod then don't you need access to the UI of the host system in order to execute the code? If an attacker has obtained that level of access then you've got more serious concerns than pod slurping.
Posted by pctec100 (105 comments )
This article is a mess
No, it's not you. The article is badly written. An iPod does not
come with any kind of input device. Furthermore, it must first
mount on a computer in disk mode before any kind of non-
music and video data transfer can occur. Of even more
importance is that the self-promoter featured in the story had to
write an application that would allow him to copy specific data
and put it on his iPod before he was able to create the scenario
he is using as a scare tactic. Not many people could recreate
what he did.

At the fellow's website, it is clear he is trying to sell his
'expertise' to the non-savvy.
Posted by J.G. (837 comments )
Easy
Windows mounts USB drives, including iPods, automatically. Group policies can prevent this, but many net admins have not thoroughly considered this risk.

And even then, they must allow USB mounting because of the multitude of devices people use these days - cameras, flash drives, external HDs and CD-ROMs etc.

Yes, I can believe that this program can be executed from the iPod interface, and that's what makes it so dangerous.

Loading new apps on the iPod is pretty trivial so once this program gets out there, any malicious user will have this capability with a bit of googling.
Posted by urbanvoyeur (52 comments )
I fail to see the point
If this was just a heads-up to the world of business about the potential dangers of usb devices then what is the point of actually creating software that will do the very thing this guy is warning us about?

The only possible answer is that his creation is in fact "an irresponsible call to arms for malicious employees and would-be data thieves" - and he has deliberately created the tools necessary to carry out this theft.

It's like the "security experts" that not only warn of potential flaws in Microsoft's OS, but then go on to create the very code necessary to carry out these attacks and post it online for anyone to use.

Making public warnings serves a community purpose, and might be a valuable service to the tech community if done correctly.

Making public warnings, together with the code necessary to carry out the attacks the warnings harp on about is nothing but malicious, and I have no sympathy for these people's points of view.

In fact I believe they should be prosecuted under whatever computer misuse laws are available to do so, as they are deliberately facilitating the kinds of malware that cause systems admins like myself so much trouble - never mind the problems caused to innocent public computer users that don't have the skills or technology to fix the damage these gits cause.
Posted by ajbright (447 comments )
Technocrats running amok
Well said Andy!

These so-called "security experts" are in the business of pushing their "solutions" to non-existing problems, or creating problems where there really is none. Look at the recent WMF debacle. Sure there was a problem; but showing every punk how to exploit it before a vendor patch was available was the ultimate proof that these guys are in it for the fame. In my book, they are technocrats with no social conscience, just like they probably were virus writers in their youths. Once a punk, always a punk.

Business community should unite in shunning and shaming these fake security experts just as they would not hire ex-cons. Unfortunately, popular media feeds on this kind of sensational drivel. And fear sells well these days:-(

If you want security in your business, you have the same choices you had before computers caught on: Hire the right people, and then treat them right. For all other easy to make unintentional mistakes, take precautions to minimize the damage.
The rest is just fine-tuning and good management.
Posted by jprivate (1 comment )
Look at the Big Picture
It's not really a big problem...I think we have to worry more about executives of companies lying on their balance sheet or funneling millions out of companies using their golden parachutes. This is so little of a problem it's really not worth printing...
Posted by tryoneon (26 comments )
Sounds both fishy and easy to fix
I don't actually think the plug and play USB functionality has an Autorun feature. If it does, it's a simple registry switch to turn it off.
Posted by HeynonnyNonnymous (1 comment )
Conspiracy
I think it is a conspiracy...

Hmmm....

iPod now selling at 7Eleven (purveyors of Slurpee)
http://www.ifoapplestore.com/photos/ipods_at_711.jpg

now

Pod Slurping stories...

We are all connected.


Other connectedness:

Slurpee began in 1965...the same year 'hypertext' (ie HyperCard) was coined...

Slurpee has sold 6 billion drinks...Apple's Core Image processes 6 billion pixels per second

The most Slurpees per capita are consumed in Winnipeg Canada...Winnipeg is home to the Red Apple Clearance Centre (this means absolutely nothing!)

Slurpee comes in Tangerine Lemon flavour...
You can download songs from Tangerine Dream and a song called Lemon on iTunes

The first non drink Slurpee branded item was bubblegum...Apple touts the Shuffle as being the size of a pack of gum.

Number of Slurpees bought per month is 13 million...Apple gets approx 13 million visitors to its stores each quarter.

I was going to worry about pod slurping...but I got distracted by all this other important stuff!
Posted by KsprayDad (375 comments )
Much Ado About Nothing
Simply replace the word iPod with any media storage device, then
VOILA ....

Beware the iPod my ass.
Posted by Thomas, David (1947 comments )
Firewall
This whole thing is jocked off of the movie Firewall! :)
Posted by Brad Charna (11 comments )
AutoRun
who needs a processor when you can write a batch file or autorun exe that will run when the key is inserted in the USB port and assigned a drive letter.
Posted by SeizeCTRL (1333 comments )
iPOD Slurping
Having recently attended the Department Of Defense (DoD) Cybercrime Conference in Tampa Florida, I saw an actual demonstration of an iPOD used to extract data through a USB connection. Without getting too deep, the iPOD used had 50 megs set aside to run an OS, and the rest was as they say, history. Access to USB ports is a BIG concern to the DoD, and any company that does not see this threat stands to lose data. One other commenter had it right, replace iPOD with any other kind of USB device!
Posted by jblewis007 (3 comments )
Get real Extremely misleading
The sky is falling, the sky is falling, man tell you what if this guy
can 1st of all log onto one of the computers into my domain and
then suck the files right off my server onto his iPod I'll give him
10000 bucks, such misleading info, if there is even one
corporate network out there that this could actually happen.
they should fire their IT Staff. I really doubt that any Corp stores
their important business files locally on their computers but
actually store them on a Server. in other words without the
proper rights and access this feat he talks about is IMPOSSIBLE.
And if he is writing about the this happening with users with
proper access guess what they could do this with an ipod, USB
drive, Firewire drive, Floppy disk. writable CD, USB HD, email,
FTP, or any other 1000 things out there so this "news story" is
not news.

DogBone
Posted by Dogbone007 (1 comment )
Pod Slurping: an easy technique of stealing data
Pod Slurping is a problem that has to be faced. GFI has recently released a new whitepaper which discusses the problem with uncontrolled use of iPods, USB sticks and flash drives on companies' networks. It is entitled Pod slurping: an easy technique of stealing data, access to this whitepaper is free, and furthermore requires no registration. The whitepaper is found at http://www.gfi.com/whitepapers/pod-slurping-an-easy-technique-for-stealing-data.pdf
Posted by Matthew Simiana (1 comment )
Pod slurping is a real threat. Corporates and confidential organisations can be adversely affected or even sabotaged with just an iPod. When Steve Jobs launched the iPod, I'm sure he must have never thought about this, (like iPhone 4 - he never thought the people may use it for call receptions as well). Read more about pod slurping http://sanjeevnanda.wordpress.com/2010/07/19/sanjeev-nanda-on-pod-slurping/
Posted by SanjeevNanda (1 comment )
 
