1 April 2011
IT security and control firm Sophos is issuing a timely warning to users of smartphones and tablet computers – including the Apple iPad and iPad 2 – to be aware of a new attack in which data can be stolen from unprotected devices. Dubbed a “substrate attack”, SophosLabs found data could be exfiltrated through the actual package in which the hardware of the device is contained.
Paul Ducklin, Head of Technology of Sophos Asia Pacific, says the attack is surprisingly easy to pull off and has made the decision not to release precise details in order to reduce the likelihood of it being exploited by criminals.
“I don’t want to go into too much detail,” said Paul Ducklin, Head of Technology at Sophos in Sydney. “Full disclosure would be counterproductive at this point.”
Ducklin, usually effusive on security-related issues, refused to be drawn, saying only that “this attack, and its countermeasures, are electromagnetic in nature, in a frequency range outside that of everyday 3G and WiFi communications.”
Tests carried out at SophosLabs showed the most effective smartphone shields include commonplace items of garbage including chip packets or even metal-insulated pizza cartons.
More information on the incident can be found on Sophos Naked Security here: