Warnings Released Over New Endpoint Security Threat

September 20, 2006: USB tools have predominantly been used as a means to support and enhance the ease of data exchange and storage, yet one of their key weaknesses – security – is again in question.

A new application known as USBDumper has launched itself as one of the latest endpoint security threats. It works by silently copying the contents of an inserted USB drive leaving no visible footprint of the transfer on the desktop while doing so. More then just merely copying the files from the USB drive, advanced forms of the application can even make an image of the key.

The idea is that someone with malicious intent can install the software on either a personal, shared or public computer and collect files from anyone who plugs in a USB drive. The privacy and security implications of this particular threat need no explanation.

The hacking tool enables someone to steal data and potentially use recovery tools to retrieve deleted material. A scary thought, especially for those shifting their USB tools from machine to machine. Teachers, conference presenters, sales people and regular file sharers could potentially be affected.

“Traditionally, data thieves have been using portable storage devices to download information from computers,” says Howard Waterson, Asia Pacific Regional Manager for Centennial Software. “USB Dumper is different because it resides on the PC and silently steals data from a connected drive.”

“This application poses a real challenge for today’s mobile worker and reinforces the need to encrypt information on USB drives,” he says. “Especially if you’re taking that data in to a foreign environment.”

Comment on this story.