Digital Cameras being called a "hacker tool" now?

This article focuses on the use of the camera as a “digital storage device”, as if the fact that the camera is somehow a “more surreptitious” way to copy data off the computer than any other USB & similar storage device (flash drive/thumb drive/memory stick/MMC/SD card).

I really hope that the author of the article was the only one surprised by this “unexpected” use of a digital camera as a way to slurp data off a computer. I also hope that we don’t see a wave of specific “no digital cameras allowed” security policies spring up in response to this. I would think any reasonably well thought out security policy would either (a) forbid the use of all portable storage devices, or (b) accept the risk of any and all such devices equally (since they all have the potential of being used maliciously).

I really thought I misread the title of the article – I had to read it three times to make sure I wasn’t the one with the big misunderstanding.

I figured they must be talking about the use of digital cameras to take pictures of the screen (a totally unpreventable vector), or they were talking about camera-enabled cell phones (which at least are more difficult to separate from “legitimate use” than a simple camera).

Big deal.

So you can use yet another bulky USB-enabled device to copy data from a computer and take it off-premises. If there’s ANY organization left out there that still hasn’t thought through the threat of the use of portable storage media to copy large quantities of data off-premises, I doubt they’re going to finally say “oh crap!” when they read this.

It’s far cheaper and easier to hide from prying eyes the use of a tiny little USB drive (most as small a digit on your hand) – far less likely to draw attention than plugging in a fist- (or larger) sized camera into a work computer.

To steal a phrase from Bruce Schneier, this is yet another example of a “movie plot threat” that has little relation to any reasonable assessment of overall security risk to most any organization.

[category: general security]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s