Your printer may kill you
#1
Team Owner
Thread Starter
I never knew that HP printers looked at each print job to see if it contained new firmware. Looks like a pretty big hole.
Click the link for entire article, it's too large to post the entire thing.
http://redtape.msnbc.msn.com/_news/2...esearchers-say
Printer security flaws have long been theorized, but the Columbia researchers say they've discovered the first-ever doorway into millions of printers worldwide. In one demonstration of an attack based on the flaw, Stolfo and fellow researcher Ang Cui showed how a hijacked computer could be given instructions that would continuously heat up the printer’s fuser – which is designed to dry the ink once it’s applied to paper – eventually causing the paper to turn brown and smoke.
In that demonstration, a thermal switch shut the printer down – basically, causing it to self-destruct – before a fire started, but the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.
Cui and Stolfo say they've reverse engineered software that controls common Hewlett-Packard LaserJet printers. Those printers allow firmware upgrades through a process called "Remote Firmware Update." Every time the printer accepts a job, it checks to see if a software update is included in that job. But they say printers they examined don't discriminate the source of the update software – a typical digital signature is not used to verify the upgrade software’s authenticity – so anyone can instruct the printer to erase its operating software and install a booby-trapped version.
Rewriting the printer's firmware takes only about 30 seconds, and a virus would be virtually impossible to detect once installed. Only pulling the computer chips out of the printer and testing them would reveal an attack, Cui said. No modern antivirus software has the ability to scan, let alone fix, the software which runs on embedded chips in a printer.
“First of all, how the hell doesn't HP have a signature or certificate indicating that new firmware is real firmware from HP?” said Mikko Hypponen, head of research at security firm F-Secure, when told of the flaw. “Printers have been a weak spot for many corporate networks. Many people don’t realize that a printer is just another computer on a network with exactly the same problems and, if compromised, the same impact.”
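The check the quoted article says was missing, shown as an added example that is not part of the original post or of HP's firmware: a job handler that flashes an embedded image only when its signature verifies under a pinned vendor key. The `FWUPDATE1` marker, the job layout, the choice of Ed25519 and all function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Hypothetical marker tagging a job as a firmware update (not HP's real format).
var updateMagic = []byte("FWUPDATE1")

// HandleJob returns "print" for an ordinary job and "flash" only when the image
// verifies under the pinned vendor key. Assumed layout: magic || 64-byte sig || image.
func HandleJob(vendorKey ed25519.PublicKey, job []byte) string {
	if !bytes.HasPrefix(job, updateMagic) {
		return "print"
	}
	body := job[len(updateMagic):]
	if len(body) <= ed25519.SignatureSize {
		return "reject" // too short to hold a signature plus an image
	}
	sig, image := body[:ed25519.SignatureSize], body[ed25519.SignatureSize:]
	if !ed25519.Verify(vendorKey, image, sig) {
		return "reject" // unsigned, signed by an untrusted key, or altered
	}
	return "flash"
}

// packUpdate is the vendor's build-side step: sign the image, prepend the marker.
func packUpdate(priv ed25519.PrivateKey, image []byte) []byte {
	job := append(append([]byte{}, updateMagic...), ed25519.Sign(priv, image)...)
	return append(job, image...)
}

// RunDemo feeds constructed jobs to HandleJob and returns each decision.
func RunDemo() []string {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil) // constructed vendor key pair
	_, otherPriv, _ := ed25519.GenerateKey(nil)          // key the printer does not trust
	tampered := packUpdate(vendorPriv, []byte("image v2"))
	tampered[len(tampered)-1] ^= 0xff // image altered after signing
	jobs := [][]byte{[]byte("plain text page"), packUpdate(vendorPriv, []byte("image v2")),
		packUpdate(otherPriv, []byte("image v2")), tampered, updateMagic}
	var out []string
	for _, j := range jobs {
		out = append(out, HandleJob(vendorPub, j))
	}
	return out
}

func main() { fmt.Println(RunDemo()) }
```

Only the job signed with the pinned vendor key reaches the flash path; the update signed with another key, the altered image and the bare marker are all refused.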
#3
Team Owner
Thread Starter
I predict a large botnet consisting mostly of HP printers in our future.
Corporate printers with hard drives are a major security risk. Never return your leased corporate printer without wiping the hard drive. The hard drives can contain a crap load of documents. Want to know what your CEO just printed? Go up to the printer and request a copy of the last print job.
#5
Go Giants
:tinfoilhat:
#6
The sizzle in the Steak
I'm a firestarter, twisted firestarter,
you're the firestarter, twisted firestarter.
#7
Senior Moderator
Join Date: May 2003
Location: Better Neighborhood, Arizona
Posts: 45,641
Received 2,329 Likes on 1,309 Posts
I caused a dial-up modem to catch on fire 'back in the day'
#8
Senior Moderator
#10
Sanest Florida Man
#11
Updated an HP fax all-in-one business machine once. The firmware update consisted of an application that started a print job containing the firmware. Kind of an interesting procedure.