T 5.141 Data theft via mobile data media

Many IT systems provide interfaces for the use of exchangeable data storage devices, for example extended memory cards or USB storage media. When an IT system with the corresponding hardware and software is not supervised, there is a risk that large amounts of data could be copied from these storage devices without authorisation. In general, copying is finished after just a short time, and it is impossible to determine directly that any data was copied.

Of course, these interfaces can also be used in the other direction to install malicious software on an IT system or smuggle it into a network.

Mobile data media can also be integrated into devices with other recording functions, for example mobile telephones, MP3 players, or digital cameras. In this case as well, sensitive information can fall into the hands of unauthorised persons under certain circumstances (see T 5.126 Unauthorised photography and filming with portable terminal devices).