Aptly named "substrate hack" could steal data from uncovered devices

April 2, 2011

2 Min Read

PRESS RELEASE

April 1, 2011 -- IT security and control firm Sophos is warning users of smartphones and tablet computers - including the popular Apple iPad and iPad 2 - to temporarily refrain from using the devices following the discovery that data can be stolen from unprotected devices through a surprisingly simple proximity attack dubbed a "substrate hack" by SophosLabs.

The attack - the exact details of which are not being released to the public to prevent the exploit being used by cybercriminals – involves data leaking through the substrate itself - the hybrid metal/plastic container - of devices that are left uncovered.

"It's scary to think that all those many millions of smartphones and tablets out there are susceptible to a relatively simple attack through the substrate in which the devices themselves are packaged," said a spokesperson for Sophos Naked Security.

"One reliable countermeasure, evaluated in tests at SophosLabs, is to keep your tablet-type device or phone wrapped in plasticized aluminum, like the material used in potato chip bags. Of course, this removes the ability to make calls or access the internet, but keeps your data much safer, both when you are using the device and when it is at rest."

Until a patch has been issued by device manufacturers, concerned members of the public can reduce the risk of a substrate attack by shielding their devices with lightweight metallized plastic or cardboard. Potato chip bags are ideal. This sort of shield forms a "polar foil" around the device and greatly reduces the risk of data theft.

However, SophosLabs researchers warn that cylindrical shields, such as Pringles cans, should not be used. Despite their metallic coating and obvious benefits over crisp packets in sturdiness, durability and hygiene, Pringles cans - as WiFi hackers know only too well - act as antennas, boosting rather than attenuating any putative data leakage signal.

Press Contacts: Julia Gaynor, Affect Strategies Tel: 212-398-9680 Email: [email protected]

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights