June 28, 2005
Powerful, omnipresent digital music players present security risk
WEST LAFAYETTE, Ind. A cybercrime expert at Purdue University warns that the increasing presence of miniature digital music players could have serious consequences in the workplace.
Some of palm-sized players can store up to 60 gigabytes of information the equivalent of 15,000 songs or 25,000 photographs on average with capabilities rivaling laptop computers.
"The digital player is not just a cute music machine," said Marcus Rogers, a researcher at Purdue's Center for Education and Research in Information and Security (CERIAS) and an associate professor in the College of Technology's Department of Computer Technology. "It's also a potential criminal tool."
Rogers said digital music players have been used by car-theft and child-pornography rings because of their data storage capabilities. But the ability to quickly and easily download vast volumes of information without detection via a small cable also makes these devices the 21st century equivalent of a lock pick and getaway vehicle. Rogers points to several ways these devices can be misused, including:
Running "hacking" software that sniffs through a network and obtains passwords to gain access to supposedly secure information.
Whisking away personal information on 10s of thousands of people, thus making them vulnerable to fraud and identity theft.
Absconding with large amounts of intellectual property or other strategic information that competitors can use with crippling effects.
Disseminating inappropriate or even illegal images, such as child pornography.
Infecting a network intentionally or accidentally with a virus, perhaps even causing a computer or network to crash.
While the science of computer-crime forensics is advancing, Rogers advises companies to take preventive steps, such as:
Informing information-technology staff of the potential threat
Changing company policies to control use of "small-form factor storage devices," including digital music players.
Making sure investigators do not overlook the devices when seeking evidence.
Rogers, a former Canadian police officer, said law enforcement has not yet caught up with how advanced technology can be used by criminals.
"They'll say, 'Gee, there's no evidence on his workstation.' They're right. It's in his pocket!"
Rogers has done extensive research into the psychology of cybercriminals and how to track down them down.
CONTACT: Marcus Rogers, (765) 494-2561 or firstname.lastname@example.org.
Writer: Jim Schenke, (765) 494-6262, email@example.com
Purdue News Service: (765) 494-2096; firstname.lastname@example.org
Related Web sites:
Also: iPod forensics
To the News Service home page