Australian Information Security Management Conference
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Abstract
Physical security is considered an integral part of information systems security. The idea that small devices pose a security threat for enterprises is well established. On the other hand, consented and supervised access to USB ports via USB flash drives is sometimes allowed. This paper will highlight the risk associated with this kind of access by devices such as IPods and USB flash drives. It will show a proof of concept USB device that runs automatically once connected to a personal computer and copies files and folders from the victim's computer to its storage and executes potentially harmful code on the computer without the user's knowledge. The paper then provides measures necessary to mitigate this type of physical attacks.
DOI
10.4225/75/57b6543434762
Comments
4th Australian Information Security Management Conference, Edith Cowan University, Perth, Western Australia, 5th December, 2006