Pod Slurping


First of all, what in the .... is POD SLURPING?

From Wikipedia

Pod slurping is the act of using a portable data storage device such as an iPod digital audio player to illicitly download large quantities of confidential data by directly plugging it into a computer where the data is held, and which may be on the inside of a firewall. As these storage devices become smaller and their storage capacity becomes greater, they are becoming an increasing security risk to companies and government agencies. Access is gained while the computer is unattended.

There has been some work in the development of fixes to the problem, including a number of third-party security products that allow companies to set security policies related to USB device use, and features within operating systems that allow IT administrators or users to disable the USB port altogether. Unix-based or Unix-like systems can easily prevent users from mounting storage devices, and Microsoft has released instructions for preventing users from installing USB mass storage devices on its operating systems. [1]

Additional measures include physical obstruction of the USB ports, with measures ranging from the simple filling of ports with epoxy resin to commercial solutions which deposit a lockable plug into the port.

Ok, now, having this definition of "pod slurping" in mind, I developed a little tool to retrieve any file(s) from a Win machine (sorry, it's just a PoC and only works for Windows Spanish Language :P). This PoC doesn't show any window or needs user iteration. You can make your own using the references on the right.

  "MMMMM, yum yum!"


PodSlurping Sample 
Code Project  - C# Samples using USB devices.

 Just for "Educational  Purposes"


The PoC was developed in C# .NET and works pretty amazing using USBs with U3 technology