Feeds

German chemical giant depending on biscuit-based security

But El Reg testing recommends savoury over sweet

Security for virtualized datacentres

Managers at Germ chem firm Evonik are putting their mobile phones into biscuit tins during important meetings, but testing by El Reg has revealed critical flaws in the Faraday-cage qualities of popular brands.

Concerns about industrial espionage have driven the German chemical company Evonik to equip every meeting room with a biscuit tin, the company has confirmed to the AFP press agency. For security reasons staff are required to place mobile phones into the tin before sensitive issues are discussed.

cadburysroses

Good for Tangy Orange Cremes
– rubbish for blocking mobile signals...

The idea is that the tin will work as a Faraday cage, blocking transmissions which the company fear can be triggered even when the phone is off, though our testing shows many tins to be entirely unsuited to such a role.

A phone placed inside a McVitie's Biscuit Assortment tin, for example, can make and receive calls (and thus transmit corporate secrets) without problem. The same thing applies to a Cadbury's Roses tin, but Jacob's Savoury Biscuit Selection come in a container made of sterner stuff, being able to block both 3G and 2G transmissions entirely.

Most of us would just turn the phones off, and such a policy has a great deal going for it even if security isn't in question: meetings run better when no one is distracted. But Evonik is concerned that phones can transmit secrets even after they've been switched off.

This is a surprisingly common belief, and hard to disprove. It's true that no one alive today has read the entire GSM specification (it's just too long), but running a radio (necessary to hear the secret "listen" command) takes power, and power consumption is something all mobile-phone engineers watch very carefully.

Having said that, handsets can be replaced with copies that don't ever switch off, and there are one or two smartphone apps which can reprogram the "off" switch to work as a "standby". So perhaps Evonik isn't being as dim as it appears to be – just as long as it has checked its tins, and knows that you can always rely on a Jacob's Cracker at a pinch. ®

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.