Sophos warns: iPad 2 and other mobile devices vulnerable to proximity theft
April 2011 by Sophos
IT security and control firm Sophos is warning users of smartphones and tablet computers - including the popular Apple iPad and iPad 2 - to temporarily refrain from using the devices following the discovery that data can be stolen from unprotected devices through a surprisingly simple proximity attack dubbed a "substrate hack" by SophosLabs.
The attack - the exact details of which are not being released to the public to prevent the exploit being used by cybercriminals - involves data leaking through the substrate itself - the hybrid metal/plastic container - of devices that are left uncovered.
"It’s scary to think that all those many millions of smartphones and tablets out there are susceptible to a relatively simple attack through the substrate in which the devices themselves are packaged," said a spokesperson for Sophos Naked Security.
"One reliable countermeasure, evaluated in tests at SophosLabs, is to keep your tablet-type device or phone wrapped in plasticated aluminum, like the material used in crisp packets. Of course, this removes the ability to make calls or access the internet, but keeps your data much safer, both when you are using the device and when it is at rest."
Until a patch has been issued by device manufacturers, concerned members of the public can reduce the risk of a substrate attack by shielding their devices with lightweight metallised plastic or cardboard. Crisp packets are ideal. This sort of shield forms a "polar foil" around the device and greatly reduces the risk of data theft.
However, SophosLabs researchers warn that cylindrical shields, such as Pringles cans, should not be used. Despite their metallic coating and obvious benefits over crisp packets in sturdiness, durability and hygiene, Pringles cans - as WiFi hackers know only too well - act as antennas, boosting rather than attenuating any putative data leakage signal.