It appears the password setting on the iPhone is not so secure and is easily circumventable. If your phone is stolen by clicking on “Emergency Call” then double clicking on the home button, it then opens the iPhone up like a can ‘o worms, to your contact list, email, Safari, basically the entire device. iPhone theft will become a rising issue and data theft relating to theft will be an increasing concern.
The iPhone is not alone in being able to work around passwords, pretty much every model of handset’s password can be cracked, when you have physical access to the device it is only a matter of time and effort before the device can be accessed. Although the iPhone security breach is a simple bit of keystrokes, there are password crackers for mobile phones just like laptops.
OK so the iPhone is technically not a USB Hack, but it connects to a computer via USB so technically we can write about it!
NASA has disclosed that the Gammima.AG computer virus was discovered by NASA on several laptops carried to the International Space Station. Nasa said it was not the first time computer viruses had travelled into space and it was investigating how the machines were infected.
Guess how they think it got there? Apparently they suspect an astronaut brought a USB flash drive infected with the virus with them on board. The ISS has no direct net connection and all data traffic travelling from the ground to the spacecraft is scanned before being transmitted. The space agency also plans to put in place security systems to stop such incidents happening in the future…EVEN NASA HAS A LOT TO LEARN ABOUT ENDPOINT SECURITY.
I think this highlights issues faced by businesses and governments, even the agency with some of the smartest engineers in the world forgot about the weakest link in the security chain. People. What is interesting is that a lone USB flash drive was brought on board with what the astronaut thought was just games, this not only reflects the need to think about endpoint security and portable devices, but also policies regarding lifestyle devices in the workplace…especially if you are on the Space Shuttle. In such an environment as the US Space Program you can bet that rules, policies and security are front and center and all rules are adhered to as it is literally mission critical, if one strays just a little bit from these rules people can die and billions of tax dollars can be wasted. So I am pretty sure that the astronaut who brought the infected drive on board was not aware of the risks posed, nor was he/she told that in would be an issue.
GadgetTrak is getting close to launching a new iPhone theft recovery application, sort of a LoJack for your iPhone. The application utilizes the location aware nature of the iPhone to provide the specific location of the device when the device is flagged on the GadgetTrak site as stolen. The application not only gets the GPS coordinates, but also maps it to the closest physical address or landmark to further assist in the recovery of the device.
>
The application has some additional uses, the simple ability to beam your location to the GadgetTrak server. Additional features will be coming along soon.
As if mortgage lenders needed any more bad publicity. An employee at Countrywide stole 20K records a week for two years and was selling them to a third party. The FBI agent assigned to the case stated that Countrywide sealed off USB ports on employee systems (probably with Super Glue), however the employee found a system that did not have its USB ports sealed
Rene Rebollo Jr., 36, a former senior financial analyst with Countrywide Home Loan’s subprime mortgage division found a machine. Every Sunday night for about two years, Rebollo brought a flash drive over to that machine and downloaded personal information on approximately 20,000 customers.
Countrywide had not deployed any method for detecting or managing downloads to portable storage devices, since its policy was to block their use entirely on all employee machines. As a result, the downloads went undetected for years, leading to the compromise of some 2 million records, according to court documents. It is estimated from his bank records that he made about $70,000 from the selling of customer data.
The interesting point here is that it went undetected for years, one wonders how many other personal details are finding their way to USB flash drives around the world. There is an obvious financial motivation to sell the data and it is easy to steal from behind the firewall.
