iPods are security risk, warns analyst

Mobile storage devices could give thieves and hackers a back door into corporate networks.

Companies should consider banning portable storage devices such as Apple's iPod from corporate networks as they can be used to introduce malware or steal corporate data, according to an analyst.

Small portable storage products can bypass perimeter defenses like firewalls and antivirus at the mailserver, and introduce malware such as Trojans or viruses onto company networks, claimed analyst Gartner in a report issued this week. Analysts have warned for some time of the dangers of using portable devices, but the report points out these also now include "disk-based MP3 players, such as Apple's iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media."

Another potential danger is that the devices--that typically make use of USB and FireWire--could be used to steal large amounts of company data as they are faster to download to than CDs. Also the size of the portable devices means they can be easily misplaced or stolen.

Gartner advises that companies should forbid the use of uncontrolled, privately owned devices with corporate PCs and adopt personal firewalls to limit what can be done on USB ports.

"Businesses must ensure that the right procedures and technologies are adopted to securely manage the use of portable storage devices like USB 'keychain' drives. This will help to limit damage from malicious code, loss of proprietary information or intellectual property, and consequent lawsuits and loss of reputation," the report stated.

ZDNet's Andrew Donoghue reports from London.