USB 'fingerprints' can help detect data theft

By Super Admin

Published: Wednesday, February 17, 2010, 13:45 [IST]

London, Feb 17 (ANI): Scientists are making an effort to use 'USB fingerprints' to identify 'pod slurping' data thieves.

Theft of valuable data through USB ports is a growing problem. Pod slurpers can steal an individual document by copying it onto a USB stick. Hackers can also copy a large number of documents via document-scavenging tools like USB Switchblade.

But now Vasilios Katos and Theodoros Kavallaris of the Democritus University of Thrace in Komotini, Greece, are close to finding a solution to the problem.

They have been analysing every make and model of USB stick and iPod/iPhone and have found each one has a distinctive transfer rate when copying data from a PC's hard drive. This is because of the differences in the microcircuitry and components that go into making each type of device.

The two researchers can find out if files have been copied by consulting the Windows registry, which records the make and model of every USB device plugged into that computer with a time stamp. Thereafter, the duo check all document folders for any files that were accessed shortly after the USB device was plugged in - the computer registry counts copying as file access, reports the New Scientist.

When they find a folder the suspect has been copied, they list the times the files within it were accessed. If the total time it took to access all the files matches the transfer rate of a particular USB stick or iPod plugged into the PC at that point, then it may be quite accurate to say a pod-slurping attack has taken place.

Kavallaris is writing a program to automate the process of trawling the Windows registry to work out which files have been copied to a USB stick.

Brodie thinks the team's work could help investigators.

He said: "The ability to prove that downloads have taken place will be invaluable in building a case when thefts occur." (ANI)

Published On February 17, 2010