iPods Banned?

iPod: Weapon of mass deletion
Tuesday 13 July 2004, 12:43 Makka Time, 9:43 GMT

The British military says the pocket-sized gadget is a threat

Music fans, beware: Britain's Ministry of Defence has become the latest organisation to add the iPod to its list of hi-tech security risks.

The pocket-sized digital music player, which can store thousands of songs, is one of a series of banned gadgets that the military will no longer allow into most sections of its headquarters in the UK and abroad.

Devices with large storage capabilities - most notably those with a universal serial bus (USB) plug used to connect
to a computer - have been treated recently with greater suspicion by government agencies and corporations alike.

The fear is that the gadgets can be used to siphon information from a computer, turning a seemingly innocuous device into a handy tool for data thieves.

"With USB devices, if you plug it straight into the computer,
you can bypass passwords and get right on the system," said RAF Wing Commander Peter D'Ardenne.

"That's why we had to plug that gap," he said, adding that
the policy was put into effect when the MOD switched to the
USB-friendly Microsoft XP operating system over the past year.

Virus carrier

In a survey of 200 mid-sized and large UK companies
conducted by British security software firm Reflex Magnetics, 82% of respondents said they regard so-called mobile media
devices, including the iPod, as a security threat.

iPods can also introduce computer viruses to a corporate network.

As a result, a small but growing number of firms, particularly those in the financial and health-care sectors, are devising policies to keep them out of their offices, said Andy Campbell, managing director of Reflex Magnetics.

"Oftentimes, a business has no idea if an employee is stealing data via removable media," Campbell said.

The findings reflect another report a week ago in which technology consultancy Gartner Inc advised companies to consider banning the devices because they can also unwittingly introduce computer viruses to a corporate network.

"A portable media player with two gigabytes of capacity
could easily store a customer database. And quickly," said
Not suprised, common sense and JSP 440 :)

Anyway if you go into any HQ staff officers have a form of dyslexia, they cannot read the following signs no matter how big the font is.



hehe go on deny it!!
Like Disco says, its common sense.

The mp3 playing ability of the ipod is something of a secondary function, at the end of the day, its just a bloody great hard drive - and to that end, is moreover a data storage device. Imagine how valuable up to 40 gigs of coporate date would be to a competitor? I think industry and the MOD are right to be worried.

Having said that, banning them wont stop people bringing the things into work. Denying the ability to use it on the system is a better answer, and a security minded organisation would have locked down the USB, Firewire, Floppy and CD Drives in such a way that removal of data wasnt an option. Besides, if somebody copied several gigs of the company database across the network onto their ipod, you would hope that it was audited in some way. They need to get it right at grass roots level, nobody seems bothered about the amount people print out, i'd say thats harder to control than locking down USB ports.

Having heard some of your complaints about disknet over the years monkey, i'm surprised to hear you sticking up for it. It may have something to do with the stop in the west end for the course and the quality of their gizits?

Hows the leave going mate?

Where I work the USB ports are disabled / blocked on the Class network. Was the same at my last base. Not a difficult thing for the geeks to do and seems to work. No problems. Another scare story from a company and a person wanting to make a name for themselves. What crud.
Thats good news mate, fingers crossed for you all. Also, i know your on the payrole of Reflex, dont deny it.
Al Jazeera a bit quick off the mark there, the story had only broken a few hours before in The Register http://www.theregister.co.uk/2004/07/13/mod_bans_ipods/

We do need to worry about what can be taken out on external devices. Not every network in Defence is clamped down by a private company in response to their contractural obligations.

Some of the worse ones are those operated in house.

I'll stick my head above the parapet here and say that disknet does have a part to play. But like all the other sys admin jobs, checking sys, and boundary protection logs, and account currency, you need the time or manpower to do the job properly.

Don't just worry about what your users could take out, think what they could bring in on a floppy as well: http://www.nessus.com
With the ease that you can gain entry into secure places and still keep hold of you mobile, the camera function comes in real handy. Remember those Gucci 007 style spy cameras disguised as a pen? Well now they're disguised as a phone. Secret documents, plans, and other good hard copy are all an easy target for the camera phone. You could transmit the pictures to your Russian masters via picture messaging and erase the contents before anyone had a chance to challenge you.


Metal detectors at every enatrance, body searches?

Oh what fun....
I know one of the problems with mobile phones is their ability to compromise TEMPEST. Apparently screen data can be recovered from the carrier wave, though I don't know how practical it is to do so.
hmm I believe the only threat to TEMPEST from a mobile phone is when said staff officer is talking to the Mrs in the middle of a breifing.

It is the ambient noise of a red area that is compromised.

The actual "leakance" of a mobile that is not off hook is marginal at its very worst.
Aside from tempest there are two other issues in the "COTS" security arena.

  • There are firms that can doctor a phone identical to yours, that make it live even when you have switched off. Someone only needs your phone for the time it takes to switch the SIM over.

Now that's just some of the stuff at open source :wink:
I saw that demo'd not long back. A Nokia 6110 that is doctored to appear to be switched off, but can be phoned and the call is answered. The mobile then transmits anything said to the person who phoned the number. Quite clever really, and available for a few quid. Quite worrying really. It wouldnt get around an RF scan of the room, because although it appears to be off, it isnt. But a nice bit of kit.


IS Ski Geek

War Hero
I have seen that demo also recently in Humps in the bar at the School of Signals - could it be the new mobile blocking device - Ahh yes that new thing whats it called

mmmmm Blandford
IS Ski Geek said:
...in Humps in the bar at the School of Signals .....
Wash your mouth out with soap this instant! That will be the Defence College of Communications and Information Systems.... or something.... then.

I tell you one little "unofficial" experiment we ran at the school. We used a bluetooth PDA to scan the classroom while the kids were working.

Amazing what data you can pull off a bluetooth mobile with no security options set.

The look on their faces,

Why disable USB ports when 90% of the PCs here have CDRW on them. USB flash drives are good pieces of kit which in the long term could save a bit of cash. I think we should use them, we should embrace technology not push it to one side.

Similar threads

Latest Threads