Cool consumer technologies may cause security nightmare

Last week, I saw a plug-and-play Web camera. OK, you’ve seen things called that before, but this was different.

It works like this: You plug a gateway device into a network. You switch on the battery-powered camera. You push one button.

Now you have a palm-size device beaming live images onto your network.

It’s 30 seconds of setup, then an endless security nightmare.

Did I mention that although the gateway device plugs into a wired network connection, the camera itself is wireless? And that it can transmit up to 100 feet inside a building to the gateway?

So at $299 (available this summer from a start-up called Avaak under the name Vue Personal Video Network), practically any disgruntled user is capable of real-time corporate espionage.

He sticks a tiny camera on a conference room wall, and suddenly he can see what he’s not supposed to see. Aim it at “eyes only” documents, and suddenly they’re no longer so confidential.

How can something so cheap be potentially so costly to you?And it will be, if you’re blindsided by it.

If you just do occasional scans for rogue devices, plenty of video could be transmitted beyond the firewall before you spot that gateway on the network.

But if you know about the Vue and how it works, it’s not tough to manage.

The camera transmits to the gateway, which sends the video to Avaak, which makes it available to the user through a Web page.

Block the outbound traffic to Avaak’s servers, and you’ve neutralized the threat. (Well, you’ll still have a disgruntled user out there to deal with. But you’ll have handled the technology issue.)

Of course, if you know about the Vue, you can also use it as a cheap, fast way to set up a temporary security camera; or as an ad hoc videoconferencing system; or as a tool for supporting a user when controlling his PC remotely isn’t enough.

That’s the thing about cheap consumer tech in the midst of a recession: It can be a royal pain at a time when we don’t have spare money in the budget to keep it from causing trouble.

Or it can be an easy, inexpensive way to solve problems at a time when we don’t have spare money in the budget to do it the way we’d like.

Here’s another example: Symantec is working on a consumer version of its remote-control product, pcAnywhere.

Currently dubbed Project Guru, it’s designed for power users and IT people who are called on to solve the PC problems of family and friends.

Typical scenario: Mom gets an e-mail from her son the techie and downloads a simple remote-control client, and then Sonny can take control of her PC through a Symantec Web site.

It’s cheap, it’s easy, and potentially dangerous in a world where spammers regularly get users to download malware and upload financial information.

But it could also be a great way to handle remote tech support on employees’ home PCs that are used for work.

Project Guru is currently in pilot release for select Symantec partners. A pilot release for customers is slated for the second half of this year.

Symantec is positioning it as a “secure online tool” for tech savvy users to help friends and family.

While there are many services available to consumers for technical support, “many tech savvy individuals still find themselves as the de facto support resource for friends and family,” according to Brian Hernacki, architect, Symantec.

Symantec also emphasizes the convenience factor.http://www.symantec.com/about/news/release/article.jsp?prid=20090302_01

Project Guru, it says, enables allows users to provide remote technical support without the need to spend a lot of time on the phone or visiting in person.

Remote desktop connections enabled by the pilot service use the same technology as Symantec’s software-as-a-service Online Remote Access offering.

Symantec says Project Guru is a complementary offering to its NortonLive PC help services, which enable consumers who need immediate PC help to call an expert 24/7.

To administer remote support using Project Guru, users sign up as a “Guru” by creating an online account and inviting friends and family members to join in their circle.

Once the invitation has been accepted by a friend or family member and the minimal set up requirements are complete, the Guru can connect remotely to the system to troubleshoot and correct issues using the Project Guru online tools.

Remote connections between the two systems are secured via encryption and authentication. The Project Guru pilot currently includes diagnostic tools for network monitoring and identifying the software installed on the remote system to aid the Guru in efficiently fixing computer problems for friends and family.

Project Guru is currently in pilot release with select partners. A pilot release for customers to provide feedback to assist in the ongoing development and advancement of Project Guru is planned for the second half of 2009.

Another cool tool that could have huge implications for security is GoView – currently being beta-teated by Citrix.

GoView makes it easy to record a user’s screen session – the video is automatically streamed to host servers at Citrix, where it can be accessed by anyone with the right URL.

See the training possibilities? See the security threat?

Look, you can’t stop this sort of potentially dangerous consumer tech from existing. But you can keep up on it.

I saw these three at the Demo 09 show; video of them is at the Demo.com Web site. You can learn how to keep it in check.

Maybe you can even get productive use out of it.

Just make sure you see it before your users do.

Frank Hayes is Computerworld’s senior news columnist. Contact him at frank_hayes@computerworld.com.

With files from Joaquim P. Menezes

Source: Computerworld.com

Share on LinkedIn Share with Google+