For those of you who use the freebie USB memory sticks and other computer peripherals given away at conferences, you should read an interesting article published in The Register yesterday. I write this as I look at a few used memory drives I have lying around, so I am in the same boat.
According to the article, a security company was hired to try to break into a client’s firewall without detection, but they weren’t allowed to use social engineering tactics (like a phone call with tech support or phishing), nor were they allowed to have physical contact with the client’s computer system to gain entry. They had to think up another way to break in without setting off alarms.
To get around these barriers, the company came up with an ingenious idea: a mouse laden with hidden tools that would allow the company to have access without the client knowing. The mouse’s internal system was reconfigured, and a hidden memory drive inside was designed to disable the security detection software in the computer and ensure that no notification was given to the user. They were able to get the user to install the mouse by sending it, disguised as some type of special freebie promo, to an employee.
Now, I obviously wouldn’t expect that any domain companies would be brazen enough to do something like this (or have any interest in doing something this malicious), but you should always watch what you put into your computer. Hackers may leave a flash drive lying around or may even manipulate one of the free drives given away at conferences. I am sure there are many ways this can be done effectively.
I’ve heard rumors of wifi snooping at conferences in the past, and I wouldn’t put it past someone to try something like this. You never know.