iPod: music, movies and malware?

Many people are quite aware of the dangers of using USB keys in corporate environments. However, iPods, digital cameras, mobile phones and the like pose the very same risk if they are connected to your corporate workstation.

This is because your computer, by default, treats the majority of media devices as if they were simply removable drives. This makes them just as prone to being infected [1], and to spreading infection, as regular USB keys. However, they don’t appear to have the same security concerns attached to them, probably because they are seen as media devices first, and as storage devices second.

Even the seemingly innocent act of using the USB port to charge a mobile device can lead to infection! (If you only want to charge the device, consider using a power-only USB connector.)

There are numerous measures that a corporate IT department can implement to mitigate the dangers of music, movies and malware, including: turning off AutoPlay for all removable drives, running an up-to-date anti-virus scanner, implementing NAC (Network Access Control) and using Device Control. But whatever technical solutions you choose, keep on telling your staff, “Don’t connect unauthorised external devices to the company network!”