'Honey Stick' Project Tracks Fate of Lost Smartphones
The Honey Stick Project (HSP) is a research project created by Security Perspectives Inc. It's designed to measure the decisions of real people and simulate threats and risks to information in a mobile environment. The original purpose of the HSP was to determine the percentage of people who do not realize that it can be very dangerous to insert unknown devices into their computer systems, and who take potentially risky actions when forced to make those kinds of decisions.
In similar ways that email attachments can carry viruses, mobile storage devices, such as USB Flash Drives, that have been exposed to dangerous environments can contain malware and can infect computer systems with:
- Keyloggers that capture passwords and other information, sending them back to a third party identity thief, hacker or corporate spy
- Trojan Horse Programs that spy on users and network activity
- Botnets that can perform illegal actions with your systems
- Rootkits that can silently and surreptitiously take control of your computer and hide themselves and their actions from anti-virus programs
Phase 2 focused more on measuring the human threats to sensitive mobile-accessible data, for example on a lost smartphone. The Honey Stick Project experiment is based on a technique for logging activities that occur on lost devices. Data collected is anonymous, and no attempt is made to collect personal information from the devices.