Sensitive Data Stolen Via Digital Cameras
Jack writes "ITO is running an interesting story on a new security threat connecting digital cameras and hackers." From the article: "Following a spate of reports about Bluetooth and iPod devices being used to steal sensitive data from organizations, businesses are now being urged to be vigilant as hackers use digital cameras to sidestep security measures. 'Camsnuffling', the latest IT managers' headache, is being used by computer attackers to extract and store data with the help of a digital camera." We've previously discussed this problem.
From the article
----
If someone is seen in the workplace using an iPod it's more than likely that it's for the wrong reasons - either podslurping or downloading music without permission.
----
This guy needs a solid whack with a clue-by-four. I work with a lot of people who use their iPods at work to.... SURPRISE listen to music.
duh.
A friend of mine has one of the big zoom cameras, an 18x Canon, and has often found the info revealed in one of them is insanely high. Zooming in to take a photo of an aged guy on a park bench reading a newspaper brought out a picture that revealed every word on the front page of it. I found myself zoomed in and reading that article before realising how simple it was, and that we were more than a hundred feet from him.
Anyone here run a business with a display visible from a window, even one half a city block from the next window?
Someone will get in, if they have access to your local intranet. It's that simple.
I'd bet everyone here has seen a picture of the USB flash drive disguised as a PEZ(tm) dispenser. What about the new Swiss Army Knife that has one built in? Heck, you could mod a USB drive to look like a Zippo or a Bic lighter. As others have said, I can't even see why camera phones are such a hot deal other than for their ability to take pictures; storing documents can be done in a far less noticeable way when there's access to USB ports.
Never look down your nose at others. Someday, someone is bound to see your boogers.
They check everyone who enters, no cameras are allowed. Everyone needs a special ID issued by them to enter. No jackets are allowed. No loose sweaters are allowed. They have lockers where any banned item can be kept, outside the secure area. Once you make it to the guards station, they stamp every sheet of paper you take in. When you leave, you can only take out papers they stamped. They check EVERYTHING. And they have a ton of security cameras in the building, and employees that keep track of who comes and goes. I needed papers which were in a secure area. They made me wear an ID tied around my neck, and I was escorted by an employee.
They also make it a crime to try and deceive them (for example, sneak a camera in). People can go to jail, and there are heavy penalties. They have multiple checks. The first one is a metal detector and a police officer who is more than willing to use the hand wand. The next step is the security officer who checks you in.
If companies want security, it is not hard to ban everything, hire 20 or 30 police officers, make it a crime to violate their policy, and treat everyone as dishonest liars who are more likely to steal.
A chain is only as strong as the weakest link. That is the mentality these institutions have, so they don't trust anyone, not even their own guards.
This is becoming more of a problem for me too... I'm an amateur photographer. I have enjoyed photography for about 10 years, but over the last 3 years or so, businesses have become much more paranoid about cameras. Concert venues have cracked down, and many stores will kick you out for walking around with a camera, let alone taking pictures. Personally, I have always thought that (for the most part) you should be able to photograph anything that you are allowed to freely look at, but because of abuses, that isn't usually the case. It's sad really.
Photocopiers can be used to copy sensitive data. Please dispose of all photocopiers in your company...
Okay, I did RTFA, but I'm not entirely sure "how" a digital camera is a threat other than being used to take snapshots of sensitive data. Sure, you can plug it into a USB slot, but for a lot of cameras, they're little more than thumbdrives when they're connected via USB, so a thumbdrive would certainly be less conspicuous, but then you have to ask how this is much different from say, floppy disks, which until recently, were pretty ubiquitous.
The article mistakenly states: "Hence, simply plugging it into a computer's USB can allow hackers to obtain sensitive data." How? Does plugging in a camera suddenly disable all security in a computer? Suddenly all your encrypted data is decrypted? Suddenly the camera has access to everything? This is a completely unqualified statement that means nothing. It's a thumb drive and you have no more access to sensitive data than the person at the keyboard which is presumably the same person with the camera.
Sorry, maybe I'm missing something, but this seems like a pretty stupid article.
That is to say that the convenience of plug-n-play mass storage (whether it be USB stick, camera, iPod) can be a major security risk. Add that to unsecured systems running as administrator (or root, etc.) in the workplace or showroom, and you have a great potential for mischief.
Oh, and when the news reports came out, they did also briefly ban Furbies (remember when they were marketed as being able to mimic language? Security feared they'd be used as recording devices) and Coke cans (Coke was running that contest where prize cans had a GPS transmitter in them to lead in the prize team. This is more of the signal interference than a security thing, but people weren't hot on a GPS transmitter inside secured locations either).
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Don't laugh. The three letter Government Agency for which I work fills all the USB ports, etc., with epoxy. Wireless networking is NOT permitted and the buildings are shielded to prevent RFI from leaving/entering the building. Additionally, security personnel "war-drive" the perimeter of all buildings to ensure there is NO 802.11 traffic. Also, if I remember correctly (I'm at home now), the extra network port and parallel and serial ports on my PC have been filled with epoxy too! The infrared ports and such usually have a shield permanently glued over them too! LOL
There is no question that memory sticks can be a problem. "My" computer is locked down by my employer to the point that it is an expensive browser with no other functionality. I can't install anything. I use my USB device to run unauthorized software. CMD.EXE was locked out, but for whatever reason, COMMAND.COM wasn't, so I open a command window and run what I want (as long as it doesn't mess with registry settings, which are blocked). I detest Internet Explorer, so I run Portable Firefox!
BIOS changes were also blocked, but reinstalling the BIOS via that command window has allowed me to allow CDROM boots, so I can also boot KNOPPIX if I want.
How arrogant of $INDUSTRY_GROUP to think that they can actually solve $SECURITY_HOLE by pushing this $TECHNICAL_FIX fix down our throats! All they'll ever catch with this are the really casual users, who aren't capable of anything worse than annoyance; any *real* villain would get around $TECHNICAL_FIX in a heartbeat by just $10_SEC_CIRCUMVENTION. Why does /. keep shilling 2-bit press releases from $INDUSTRY_GROUP, anyway?
$INDUSTRY_GROUP="Icomm"
$SECURITY_HOLE="data smuggling"
$TECHNICAL_FIX="camera ban"
$10_SEC_CIRCUMVENTION="SFTP'ing the whole damn corporate database to a home SSH server set up on port 80"
My employer has insurance companies as clients, too. Almost universally they're penny wise and pound foolish.
And paranoid too. I wanted to replace the whole tape scheme with some sort of offsite service like LiveVault. He was completely convinced that they would steal our data and sell it to our competitors -- even though they dealt with banks and other companies hundreds of times our size. When he wouldn't go for that I suggested a server at his house backing up in real time across an encrypted VPN -- he didn't trust that either because somebody could "break" the encryption and sell it to our competitors.
The sad thing is that it would have solved a lot of problems. We could have stopped buying bigger tape drives every few years (they scanned everything that came into that office and retained the images forever) when our existing one was too small. It would have been about a million times more secure than the "send a tape home with the CSR method".
The funny thing is that I could never quite get it through to him that if our competitors were that smart/knowledgeable we'd already be out of business. Or that a CSR paid $7.00/hr is much more likely to betray you than a private company that you have a business agreement with.
Yeah, it was PHB hell.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
"but next it will be eyeglasses, shoes, student ID cards, car keys, fake fingernails, or someday your pre-frontal cortex" Why use fake fingernails when you can use the real things? http://3quarksdaily.blogs.com/3quarksdaily/2005/08/fingernails_sto.html