>Soundminer — a trojan that steals your credit card info by voice.

>Found this very impressive:

Essentially, Soundminer is a trojan that steals credit card data by listening for touch tones or audio. You can combine it with other malware to transmit the stolen information back to you. The mobile app is a proof of concept — it has to be installed and approved by the user to work (link to the paper here). However, I think that it very effectively proves that one should exercise caution with any electronic device, not just computers.

Smart devices – be they cell phones, multi-function printers, or projectors – should be considered as mini-computers; be careful what you install, and be careful what you access. Include it in your security planning, know how to react if a smart phone gets stolen or its security compromised, know what access these things have to your organization.

Security weaknesses due to smart devices are nothing new: I attended a brilliant Defcon 16 talk, Bringing Sexy Back: Breaking in with Style, during which Errata security explained how they broke into a client network by mailing an iPhone with wifi enabled to the office. At Brucon 2010, Joe McCray mentioned ‘borrowing’ the network connections of MFP’s during pen-testing exercices more that once. Our electronic devices are getting cooler and cooler – and security is the price to pay for the extra snaziness. Users be warned 🙂