back to article German chemical giant depending on biscuit-based security

Managers at Germ chem firm Evonik are putting their mobile phones into biscuit tins during important meetings, but testing by El Reg has revealed critical flaws in the Faraday-cage qualities of popular brands. Concerns about industrial espionage have driven the German chemical company Evonik to equip every meeting room with a …

COMMENTS

This topic is closed for new posts.
  1. CADmonkey
    Coat

    The Tin Hat Brigade proudly present...

    ...the iTin!

  2. PartTimeLegend
    Black Helicopters

    More Tea Vicar?

    I guess someone is having to eat a lot of biscuits.

    I can't help wonder why they don't build SCIFs and the like. Something proven to block the outside world.

  3. Anomalous Cowturd
    Boffin

    Perhaps it needs...

    Earthing?

    1. Mage Silver badge

      Earthing??

      No, not Earthing. Earthling. It's the lid fitting imperfectly or some other such flaw. Seriously screened enclosures have compressible braid and other clever schemes to ensure a complete short along all mating surfaces.

      1. Paul Crawford Silver badge

        Earthing, indeed

        It is largely a case of maximum linear gap length. As a rule-of-thumb to get half-decent screening you need to have proper metal-metal contact every 1/20 wavelength or less for *every* joint. For 1.8GHz this means around 8mm.

        Most biscuit tins won't approach this, in fact, a lot of RF screened boxes don't make it either!

        But put an audio noise source in the tin box and it will help render any sound spying *much* harder if the screen is not enough to put the phone out of RF use (depends on base station range, etc).

        Maybe fart apps are not so useless after all?

        1. T.a.f.T.
          Boffin

          Earthing and a good seal

          I am sure you have to earth a cage if you want the transmitter to be blocked; you will get some attenuation from just having a metal/water/fleshy object in the path but not enough to stop a mobile broadcast. If you earth it you give a new direction for the magical photon/electron waves to head; down into the ground so you can get a bit more attenuation.

          I would say that a tin strapped to the central heating systems or some other earth point with some copper tape around it should be OK. Then you put the tin in a microwave and the microwave underwater in a large bucket... no problems there?

          1. Steve X
            Boffin

            Earthed faraday cages

            It's a common misconception, but there is absolutely no need to earth a faraday cage to make it work. Earthing a cage can help to bleed off any charge which builds on the external surface, perhaps for safety reasons, but earthed or not it will still act equally well as a screen to prevent charge on the outside getting inside, or vice-versa.

  4. Heff
    Facepalm

    solution in need of a problem?

    its easier to line a cardboard box with felt and bubblewrap (and probably cheaper, too)

    why use a faraday cage when you can put the phone in a dark box with no sound? mics on phones are bullshit and always have been (thankyou, designed-to-task!) but if you're going to get paranoid into the corporate espionage game, then you already have a corp. whitelist for phones, and/or you just have someone collect up the units and they sit outside the meeting in a safe at admin goon X's cubicle.

    I fail to see when faraday cages were ever made necessary.

    1. CaptainHook
      Big Brother

      Agreed

      With the Micro SD Card capacity these days, the phone could recorded everything it's mic picked up for days at a time, and since it's not transmitting the battery would last a good long while as well.

      If the company are really that paranoid what do they do about spy gear embedded into pens and buttons etc. Pens they could provide but I think supplying approved clothing before each meeting might be viewed as a bit weird.

    2. Code Monkey
      FAIL

      Easier?

      Lining a cardboard box with felt and bubblewrap is easier than buying, then emptying a tin of Jacob's Cream Crackers? That's nonsense.

      I'll grant you it's impossible to eat even a single cream cracker without butter and some jam, cheese or whatever (and a nice cuppa to wash the lot down) but what sort of nutter would do that?

    3. Aaron Em

      Or you could just pull the God damn battery out

      Seriously! Engineers can't figure out something that simple?

      Well, I suppose it might go some way to explain why Germany's just forsworn nuclear power...

      1. Anonymous Coward
        Facepalm

        Pull the battery out?

        Never used an iPhone, have you?

        1. T.a.f.T.
          Big Brother

          Never off

          You cannot take the battery out so that you can never break the iLink to your brain; without it how would Apple make you know what you want to buy... I mean gather market research data out of your frontal cortex.

          Big Brother has a Jobs for you O_O (don't blink, that is what they sink the data)

    4. Mark 65

      @Heff

      It's probably easier to have somewhere to leave them outside of the meeting room rather than taking them in and fucking about.

  5. Ralthor
    Happy

    The proper application for tin foil....

    ... has finally been discovered! To turn leaky biscuit tins into proper faraday cages! Millions in security spending can now be spent on chocolate digestives! It is a great day for tea and biscuits.

  6. Sargs
    Coat

    Food Technology as Faraday Cages

    Back in the day, we were trying to test the behaviour of a mobile phone app we were developing and needed to simulate conditions of low signal strength. Problem was, we were within spitting distance of the local cell tower. Wrapping tinfoil round the phone didn't work and locking the phone in the safe also failed to produce the desired results on account of us not being able to see what happened, so we tried the kitchen Microwave instead.

    It seemed like a great idea- It keeps all those toasty microwaves in, right? Plus it has a window, so we don't have to do Schrodinger testing any more! Well, it turns out that we're better programmers than radio engineers, because it simply didn't affect signal strength.

    We wound up using the safe and a cunningly-positioned video camera. Also, nobody used the microwave much after that.

    1. Filippo

      microwave

      I'm not a radio engineer, but I think the frequencies used by phones are pretty far from those used by microwave ovens. The shielding on the oven is probably specific to microwaves. I hear it should block wi-fi, though.

      1. Peter2 Silver badge

        Microwave

        Yes, A microwave does block mobile phone signals quite effectively.

        Unless the microwave shielding is kaput. In which case, to be honest it letting out the signals for your mobile at the least of your worries.

    2. Christian Berger

      @Food Technology as Faraday Cages

      Well I guess the signal strength did go down. However the display is just a rough estimation. Did you ever try to get the more detailed values from the baseband chip?

      1. Peter2 Silver badge

        Microwave faraday cage

        If your reading the display, I suspect you don't have the door closed. This may have some impact on the effectiveness of the shielding, because the mesh over the door isn't there for decoration.

        The simple test is putting it in, and then ringing your mobile. If it doesn't ring, then it's got no signal. Also, a closed microwave is at least as effective as blocking sound waves as a biscuit tin.

  7. david wilson

    Tin box in the /same/ room?

    Why not just put all the phones in a cardboard box, and put the box in a different room?

    For extra security, a radio tuned to the crappest local music station could be added to the box.

    1. Frumious Bandersnatch Silver badge
      Coat

      Or just make sure you use the

      cone of silence...

      Showing my age as I head out the door.

    2. Eddie Johnson
      Black Helicopters

      Because If You're That Paranoid...

      Letting the phone out of your sight is a whole other security issue.

  8. Whitter
    Alien

    Tin foil to the rescue!

    You mean that all this time our lizard overlords have been able to communicate with our biscuits, or more worryingly, vice versa? No wonder the world is in the mess it is.

  9. Stephane Mabille
    WTF?

    Doh!

    What about leaving the mobile (on or off) out of the room? A locked drawer in a pedestal (which by the way doesn't work well as Faraday cage, at least not mine!).

  10. Anonymous Custard Silver badge
    Devil

    Wouldn't it be simpler...

    Just to remove the batteries?

    Or are they all so wed to their iWhatevers where they'd need to take a hacksaw to it for that?

  11. Richard Pennington 1
    Boffin

    Pringles...

    ... for a wonderful directional aerial effect.

  12. Mark #255
    Boffin

    Good contact required

    Unless you're getting good, metal-on-metal contact all round the rim, the Faraday-ness of the tin will be severely degraded (ie - you may as well not bother).

    Most biscuit tins have painted/lacquered sides so you'd have to be lucky to get good (low impedance) contact all round.

    Proper (>40dB) screening at GHz frequencies is not simple.

    1. The First Dave Silver badge
      Boffin

      untitled

      So take a bit of sandpaper to the mating surfaces of the tin and its lid...

  13. Mage Silver badge
    Mushroom

    Useful to know

    Like you might want to put an ordinary Radio in a Biscuit Tin to protect from EMP.

    Though would any transmitting sites work afterwards?

    Actually I wondered was this about bad site security due to relying on persistent Cookies. More interesting. Now I will have to buy various tinned goods (and eat them, can't be mucking environment by dumping) to check suitability of tin as Faraday cage. I presume testing with an iPhone might not be any good. Need an old 6300 off eBay?

  14. NogginTheNog
    Big Brother

    Simpler solution?

    Couldn't they just remove the batteries?

    Oh sorry, of course not if you've got a Jesus Phone :-(

    1. chr0m4t1c

      It's not alone anymore

      You can't remove the battery from a Nokia N8 either.

      OK, not quite correct, you *can* remove the battery, but you need very small TorX driver - so it's not any easier.

      A simpler solution would be to not allow any phones in the area where sensitive discussions are taking place.

      I recently went on a factory tour and the owners had little lockers installed in the reception area where you could put things like mobiles and cameras because they weren't allowed on certain parts of the tour (and everyone was searched).

      OK, a bank of lockers will be more expensive than a few biscuit tins, but they will be a much more sensible solution to the problem - you could even install charging points in the lockers.

  15. bettername
    Devil

    Or..

    "Batteries out and your disassembled phone on the table in front of you, please".

    Either of which wil fail unless there is a TSA guard on the door checking for your 2nd device left in your pocket/pants/arse...

    Fiver says whoever approved the buying of biccys "for security" is a tad, uh, overweight...

  16. M7S
    Big Brother

    A long time ago......

    .... we used to finance Nokia. We had correspondent banks in Germany that did the same.

    Both we and the Germans noted that whenever they came to a sensitive meeting they would take out the batteries in their phones and place them on the table beside the handset. They explained that removing the power source was the only way to be sure that the phones could not be remotely activated at the time for just such a purpose. This was in the days when phones were basic but reliable (and the 6310i was all the rage). I would expect current smartphones to be at least as compromisable. After all remember what the UAE tried to do to Blackberrys a while back http://www.theregister.co.uk/2009/07/14/blackberry_snooping/

    Slightly stuffs corporate iPhone users, but then it's not like anyone jailbreaks them, or there are any untrustworthy apps around......

    1. Fred Flintstone Gold badge

      Actually, the Motorola RAZR has the same "feature"

      Yup - more phones out there. Switching it "off" is simply not as good as not having the phone in the room at all.

  17. Chrome

    This may sound ridiculous, but

    What about taking the batteries out?

    1. Anonymous Coward
      Gimp

      Re: taking the batteries out

      On an iPhone, you can't. Not without unscrewing the case and voiding the warranty.

      1. James Broome

        So don't allow iPhones in the building!

        Surely it can't be beyond the wit of man to say "That is a security risk, you aren't bringing it in here". However, then we are back to the significantly simpler and more elegant solution - don't allow any phones where sensitive stuff is being discussed. However, there is so much stealth recording technology available, it is probably irrelevant to anyone that really wants to breach the security of the meeting.

  18. Richard IV
    Black Helicopters

    Coming soon...

    A story on el Reg detailing how some devious corporate spies disguised a induction charging unit and femtocell as a biscuit tin.

    Meanwhile, I'll be working on the biscuit tin version of this: http://www.dilbert.com/strips/comic/2008-10-20/

  19. Raz
    Holmes

    A stinking title

    Well, I remember my old brick Ericsson 628 from 15 years ago where I was typing a code during the call and the phone would switch off. Screen off, keyboard off, but the call continued fine. Until the battery was taken out. So they may have a point.

  20. The Fuzzy Wotnot
    Pint

    Russian space pencils again!

    Can't someone be nominated to whip out a sealable plastic box, outside the meeting room. They ask for the phones to be placed in the box, then the person puts the box in a locker/safe for safe keeping until the meeting has finished?

    Simplest solutions are often the simplest for a bloody good reason.

  21. Christian Berger

    How phones are subverted

    Well apart from the obvious problem that most phones neither have their sourcecode publically accessible nor can you make sure it runs a firmware you could check, there are other ways to subvert your phone.

    The simplest is simply swapping the battery. There are batteries out there with slightly smaller cells and a tiny bug insides. That's cheap to do and far simpler than swapping the phone.

    The other way which is harder is to do is to exploit the baseband controller. Many have some sort of "auto answer" feature, activated by a command sent to the baseband controller from the application controller and stored in a byte somewhere in memory. A clever exploit might be able to write a suitable byte into that memory location. This could be done either from the application controller or if you have more resources, from the wireless network side by faking a cell.

    Another way to intercept phonecalls is to load an application onto the SIM-card via the SIM application toolkit. This also requires the phone to be booked into a cell you control. That way you can, for example, make every call a 3-way call to the attacker.

  22. Aaron Em

    ...you can't take the battery out of an iPhone?

    Oh, well, of course -- it'd compromise the perfect serenity of the design, or some such nonsense. Good, I'll keep that in my back pocket in case something happens to all my other reasons for not getting one.

  23. Marco van de Voort
    WTF?

    Conclusion?

    That English tins are apparently inferior to German engineered ones?

  24. Anonymous Coward
    Anonymous Coward

    It's harder than you'd think...

    I used to work for a cellphone designer and manufacturer, and naturally we had a shielded room for running conformance tests, etc. Even with the door closed and locked, we could still get paged by dint of Vodafone having a BTS at the end of our car park!

  25. G R Goslin

    An obvious solution

    What's wrong with putting a bucket of water by the door. Few phones can operate submerged.

    1. Anonymous Coward
      Devil

      My boss in 2000 had that

      Any phone which rang on a desk unattended or which ran in a meeting did a perfect ballistic curve towards the bucket. In 90%+ of the cases he did not miss.

      As in those days we all had corporate issue Nokia 63xx on corporate contracts noone could really complain (except the people who dealt with the phone supply).

  26. Anonymous Coward
    Anonymous Coward

    Blackberries

    Maybe they have blackberries, have you seen how long it takes a blackberry to start up after you've taken the battery out, not sometinhg you'd want to do on a regular basis

    1. NogginTheNog
      Thumb Down

      Speaking of Blackberries

      You never really turn these off when you turn them off: the only way to be sure it's genuinely off is to remove the battery.

  27. Stevie Silver badge

    Bah!

    Step 1) Wrap phones in foam rubber/bubble wrap.

    Step 2) Place phones in tin and strap lid down *firmly*

    Step 3) Place tin in much larger tin

    Step 4) Pour in two handfuls of ball bearings or lead shot and seal much larger tin

    Step 5) Place much larger tin on a rock tumbler drive in outer office or cleaner's closet

    Step 6) Switch on

    Step 7) Profits!

  28. Anonymous Coward
    Facepalm

    The obvious answer

    Put the tin Outside The Room. Doesn't have to even be a tin. Put a lock on it if you can't trust whoever walks by. KISS.

  29. Pete 8
    Terminator

    But

    the tin would be a fire-risk, with all those phones competeing for signal, maxing wattage to be 'heard'.

    Battery-life would lower.

    I say install a publicly accesible feed directly from the boardroom table. If they are such heroes, worth all the glossy spin, then surely their every step would be as that of a prophet walking on water, for all to see.

    Nothing good happening there.

    1. Anonymous Coward
      Mushroom

      Added bonus

      Then throw in some popcorn and everyone gets a tasty snack when the meeting is over.

  30. Anonymous Coward
    Happy

    You need 2 tins

    I need to do this in the office. You need a large tin, and a smaller one. Put the phones in the smaller one, then the smaller one in the larger one. This will kill all signals, even from the base station just outside the window :-)

  31. Ashton Black

    Tempest

    Many fully tested RF shielded boxes are available.

    They're just being cheap asses and it might just bite them.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020