Seeing the iPod as a Security Threat
With close to 60 million iPods sold since they were first introduced by Apple in late 2001, these trendy portable media players have become more than just the must-have gadget of our time -- they’ve evolved into an undisputed cultural icon. But they are also potentially dangerous to networks; iPods connected to the Internet can transmit viruses, and they can also be used to store a lot of data -- including company data.
Is the iPod a threat
Preston Gralla, author of How the Internet Works and How Personal and Internet Security Works, says a technique called “Pod slurping” refers to someone who uses their iPod to download data from a PC to their portable device. “This means that employees could walk out the door with literally thousands of sensitive files and data,” says Gralla.
On the flipside, an employee could cause considerable damage to a computer or network -- deliberately or unknowingly -- by copying files from an iPod to a PC.
“Someone could upload infected files from their iPod to a corporate network, bypassing the corporate firewall that normally blocks incoming files and connections,” explains Gralla. “What people don't realize is that the iPod is in essence a powerful computer, with significant amounts of storage. It's also hack-able, so that someone can use it for more than just listening to music or playing videos.”
Michael Gartenberg, research director of client access and technologies at JupiterMedia, a Darien, Conn.-based tech research firm, believes the iPod is no more a security threat than any other form of removable media. These days, the office is rife with portable consumer devices, such as laptops, USB thumb-sticks, and other gadgets that can serve as a way to transmit computer viruses and swipe confidential company data.
“Sure, iPods can store a lot of information, but they’re no more of a risk than a floppy disk was 15 years ago,” says Gartenberg.
What to do
Business owners concerned about their employees in this regard may consider locking down all connected devices, including USB drives, iPods, or any other external memory solutions.
“Companies can block these devices by installing software that will allow a network administrator lock access to USB and FireWire ports,” says Gralla. “In this way, iPods would be locked out of a network.”
Or you can take it one step further. You could ban iPods altogether. “Of course, doing that may alienate employees,” Gralla says, “and it would be extremely difficult to enforce the ban.”
But perhaps a better way to solve the problem of data theft than to ban employees’ personal devices, offers Gralla, is to store and encrypt sensitive data on protected servers.