USB Hacks: Who needs endpoint security?

GadgetTrak Anti-Theft Products For Cell Phone, PDA and Mac Theft Recovery

Although not directly USB related, I got a newsletter from GadgetTrak today with some interesting new products that I found quite interesting, I even bought the Mac solution. You may remember GadgetTrak as the provider of the “LoJack for USB devices” with theft recovery software for iPods and other gadgets. Well they are at it again. They now have anti-theft products for cell phones and PDAs as well as Apple computers. The approach with these tools is just slick.

The cell phone and PDA software works by the software detecting if an unauthorized SIM card is put in the phone, at which point is fires of an SMS message to pre-defined numbers with the new phone number and ID numbers that can be used to identify a subscriber via the carrrier.

The Mac software has some pretty rutheless techniques, not only does it email back network data such as IP address etc, but it also hijacks the iSight camera connected to the device and sends a video of the thief to you as well. One other feature I particularly like as well is that it gathers information regarding all of the wireless networks in the area as well.

Sony USB Thumb Drives Install Rootkit

So, it appears Sony did not learn from their little rootkit lesson back in 2005 when they installed trojan like behavior to protect digital rights on their CDs. Now it appears that lines of Sony’s Micro Vault line has crossed the line yet again. When the built in fingerprint reader installs a driver which hides a directory under c:\windows\. This directory and any files within are hidden when viewing files and subdirectories in the Windows directory. This driver then opens up a way for malware to sneak into that system as if you know the name of the directory you can sneak other files into it thus hiding them as well, not only does this hide the file from the user, but also from anti-virus scanners.

Not exactly complex stuff, but it is interesting to see that even commercial companies are relying on “USB hacks” to implement security mechanisms, the downside here however is that it can open the customer’s system up to malware. Sony has promised to release a fix…however it is not ready yet.