×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Printers Could Be the Next Attack Vector

Soulskill posted more than 2 years ago | from the pc-load-letter-what-does-that-mean dept.

Printer 175

New submitter rcoxdav writes "Researchers have found that the upgradeable firmware on some laser printers can be easily updated and compromised. The updated firmware could then be used to do anything from overheating the printer to compromising a network. Quoting: 'In one demonstration of an attack based on the flaw, Stolfo and fellow researcher Ang Cui showed how a hijacked computer could be given instructions that would continuously heat up the printer’s fuser – which is designed to dry the ink once it’s applied to paper – eventually causing the paper to turn brown and smoke. In that demonstration, a thermal switch shut the printer down – basically, causing it to self-destruct – before a fire started, but the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

175 comments

Analingus could be the new Cunnilingus (-1)

Anonymous Coward | more than 2 years ago | (#38205068)

It happened when I was 19, a guy I met a guy in my College library took to his dorm and turned me around having pulled pants down. I figured he wanted to eat me doggystyle, when he stuck his tongue up my anus...

7 years later and more than 30 partners of all shades; half of whom have performed analingus on me, has me thinking its perhaps the new cunnilingus and 10 years time it will be part of foreplay.

PS: I return the favour.

Your thoughts.

Yeah right! (5, Funny)

Anonymous Coward | more than 2 years ago | (#38205072)

Yeah right, my printer could not possibly bring my networ

Re:Yeah right! (5, Interesting)

ColdWetDog (752185) | more than 2 years ago | (#38205124)

Arrh!!! Ip0 on Fire! [wikipedia.org]

What is new, is old.

Re:Yeah right! (3, Interesting)

ackthpt (218170) | more than 2 years ago | (#38205274)

Arrh!!! Ip0 on Fire! [wikipedia.org]

What is new, is old.

We had files we could send to our old impact lineprinter which could play music. Hell on ribbons, so save these sources of amusement for the day you were changing the ribbon anyway.

Re:Yeah right! (2)

maxwell demon (590494) | more than 2 years ago | (#38206016)

Arrh!!! Ip0 on Fire! [wikipedia.org]

What is new, is old.

We had files we could send to our old impact lineprinter which could play music. Hell on ribbons, so save these sources of amusement for the day you were changing the ribbon anyway.

Don't tell this to the MAFIAA, or we'll pay a music tax on printers!

You laugh but... (4, Interesting)

skids (119237) | more than 2 years ago | (#38205278)

...printers are rather more perniciously distributed into fire-prone environments these days than from back then, and though the journalists did their usual job of munging the information so it's inaccurate and sounds sensationalistic, there's actual potential for damage to be done here.

I've had a working uC-Linux demo for HP Deskjets available for a couple of years now (see my sig.) My intent was to open the systems up for robotics use and give robotics students a system cheap enough to allow them to take their lab projects home with them when the class was over. I don't work on it much anymore, as there hasn't been much interest, and it's boring doing it without any users to support.

I didn't approach lasers mostly because they have less to offer for this purpose, and also due to concerns over the safety issues, but some of the same tricks on my wiki page probably work on the older/cheaper HP personal lasers.

Could a deskjet be made to burn? Well, from playing with the stepper motor in the ink tray, I can definitely get that to heat up pretty good, not to mention draw enough current to force the device to reboot. Not that that was my intent.

I doubt the thermal management on deskjets is as thorough as on lasers, so yes, there's a potential for danger there. While a fusor might have a thermistor, that is only because it is an obvious danger. Sending the right bit pattern into motor drive circuits could heat up components, and AFAICT the only thermometers in the deskjets are far away on the print head daughterboard.

(Not yet published on github is my work on a slightly newer ARM-based copy/printer/scanner where I have a booting kernel already, but the toolchain is very hard to build and USB driver is still very dicey.)

Re:Yeah right! (0)

Anonymous Coward | more than 2 years ago | (#38205568)

I thought it was "Printer on Fire!". I haven't seen that message in a long time.

Obligatory (5, Informative)

TheLink (130905) | more than 2 years ago | (#38205104)

Re:Obligatory (0)

Anonymous Coward | more than 2 years ago | (#38205204)

I used to work as an service technician for printers. One morning I grabbed a tool which would send a PJL-command to a printer to set the diplay to show "error 66.6 - printer on fire". this scared the sales people so bad that the paniced, called all the techs and fled the building until they reached me on my mobile to explain the prank to them.
That cost me a couple of beers fo apology...

So, firmware updates in a print job. News to me! (0)

Anonymous Coward | more than 2 years ago | (#38205130)

I had no idea one could put a firmware update in a print job.

Is this possible?

Re:So, firmware updates in a print job. News to me (1)

skids (119237) | more than 2 years ago | (#38205176)

Depends on the model. In most cases, probably you can at least crash the stack and update it that way, but you'd need a huge library of model-specific vectors to do so reliably. Printers are very diverse platforms.

Re:So, firmware updates in a print job. News to me (0)

Anonymous Coward | more than 2 years ago | (#38205368)

I can remember when Laserjets didn't need to be compromised to burn up....

Ironically, HP printers complain about 'non-standard' cartridges (sometimes their own), but you can send a firmware update through a print job...

Re:So, firmware updates in a print job. News to me (1)

Grishnakh (216268) | more than 2 years ago | (#38206220)

Someone needs to make a firmware update that eliminates the warning messages about "non-standard" cartridges.

Doesn't need to be in the print job (0)

overshoot (39700) | more than 2 years ago | (#38205298)

I had no idea one could put a firmware update in a print job.

One of the main reasons for using a general-purpose operating system (*cough* Windows *cough*) in a printer is to allow remote administration -- such as downloading updates to it.

Re:Doesn't need to be in the print job (0)

Anonymous Coward | more than 2 years ago | (#38205384)

Yes, but the printer administration interface can be password protected, and for later models, even put behind https.
Also, the human engineering required to get someone to download a firmware, launch a browser, log into remote administration, and apply a firmware update is greater. If firmware updates can come in print jobs, one need only convince the victim to print a particular document sent via email.

Re:Doesn't need to be in the print job (1)

Bert64 (520050) | more than 2 years ago | (#38206542)

Only, very few companies ever bother to password protect their printers because they refuse to consider the risks...
The worst offenders are the larger printers that have a full blown windows box inside, because its a windows box it needs to be managed the same as any other with regular updates and AV... But since its a "printer" it doesn't get managed in the same way all the other windows boxes do, it gets plugged in and never touched ever again.

Other types of printer are no better, just windows boxes are the most likely to become worm fodder...

Re:So, firmware updates in a print job. News to me (1)

sexconker (1179573) | more than 2 years ago | (#38205582)

I had no idea one could put a firmware update in a print job.

Is this possible?

I don't know.
Therefore, aliens.

NExt??? (4, Informative)

Lumpy (12016) | more than 2 years ago | (#38205134)

You have been able to use HP jetdirect printers as an attack vector for decades.

IT seems that Computer security is not remembering how attacks were happening from the 90's and earlier.

Hell you could make Xerox solid ink printers burn the paper by sending them a corrupted PDF. it would stop in mid print with the paper on the drum and under the fixer running full power.

Re:NExt??? (0)

Anonymous Coward | more than 2 years ago | (#38205712)

IMO they had bigger problems merely bursting into flames.

There was one line of product that was a general purpose real time lynxOS unix box stuck inside a copier shell for years, with most of the operating system set to 777 permissions, and a flaky postscript engine allowing you to overwrite anything on the hard drive with a file embedded in a print job. and since everything ran as root there was nothing special required, just print. And of course, we did everything you could imagine, compile netcat, fake out LPR servers, redirect network traffic, modify incoming print jobs on the fly, add cover pages, whatever your heart desired since you owned the box.

Re:NExt??? (1)

purpledinoz (573045) | more than 2 years ago | (#38205972)

What would be even worse is if someone hacked a printer to print hundreds of pages of pictures from goatse.cx... yikes!

Aaahhh ... imagine the possibilities .... (4, Funny)

unity100 (970058) | more than 2 years ago | (#38205138)

Like every 3d printer in a major manufacturing installation hacked and reconfigured to manufacture 3d-cast giant cocks ... Can you imagine how will the plant manager feel after ending up with a warehouse full of cocks ?

Re:Aaahhh ... imagine the possibilities .... (1)

vlm (69642) | more than 2 years ago | (#38205264)

Well, somebody is selling those things, so I guess it could be much worse. I suppose if it happened at a church hackerspace, if such a thing exists...

Worse would be getting the machine owner in big trouble, like making plastic automatic knives aka switchblades, or rifle receivers or single use short barreled plastic 12 gauge shortguns or any number of things the BATFE demands licensing and fees. Even just endless streams of pirated trademarked copyrighted mickey mouse gear would be a problem.

Re:Aaahhh ... imagine the possibilities .... (1)

unity100 (970058) | more than 2 years ago | (#38205504)

Even just endless streams of pirated trademarked copyrighted mickey mouse gear would be a problem.

you know ... a serious hacker group could practically end trademark/copyright thing by continually hacking and rewiring 3d printers around the world to flood the world with those items.

Re:Aaahhh ... imagine the possibilities .... (0)

Anonymous Coward | more than 2 years ago | (#38205566)

You mean the way we ended copyright on music by massively pirating it?

Re:Aaahhh ... imagine the possibilities .... (1)

skids (119237) | more than 2 years ago | (#38205846)

Great, now the phrase "Ron Jeremy, prior art" is stuck in my head.

Re:Aaahhh ... imagine the possibilities .... (1)

Anonymous Coward | more than 2 years ago | (#38205650)

You've never work in an industrial facility, they're used to being surrounded by dicks.

"THE next attack vector"? (3, Insightful)

dmomo (256005) | more than 2 years ago | (#38205150)

How about a less sensational headline like: "Printer firmware opens attack vector".. or something.

Dude (1)

Anonymous Coward | more than 2 years ago | (#38205330)

More sensational headlines get more click-throughs. Duh.

Re:"THE next attack vector"? (3, Informative)

bananaquackmoo (1204116) | more than 2 years ago | (#38205338)

How about a more true headline, like "have been potential attack vectors for many many years now"

Re:"THE next attack vector"? (1)

jd (1658) | more than 2 years ago | (#38205672)

Or... "any programmable computing device can be attacked, and any hardware attached to it can be used to cause damage", except that would be longer. More honest, though.

Want to trash a computable device? Upload something akin to CPUBurn onto it, styled and compiled for that specific processor. Want to trash a monitor? Set the timings to something totally screwball until it screams or fries. Want to wreck a hard-drive? The 80s computer virus "headbanger" smashed read heads into the end buffers until they misaligned or broke off - chances are you can still do that especially if you mangle any firmware safeguards first, only hardware safeguards would stop it and nobody adds hardware that doesn't add to what they can make the sticker price.

HCF (3, Interesting)

camperdave (969942) | more than 2 years ago | (#38205166)

...the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.

It's not new. Computer hackers have had that ability for decades upon decades. It's called HCF: Halt and Catch Fire.

Shutting down == self destruct? (0)

Anonymous Coward | more than 2 years ago | (#38205168)

Cool sensationalism there, broseph.

Um, what? (0)

Anonymous Coward | more than 2 years ago | (#38205172)

the printer’s fuser – which is designed to dry the ink once it’s applied to paper
 
We're suppose to take advice from someone who apparently has never passed the A+?
 
I know, I know, they could know a great deal more in other areas but this is just foolishness.

decidedly old school (0)

Anonymous Coward | more than 2 years ago | (#38205210)

Network printers have been an attack vector as long as they've existed.

If anyone can provide a link to the article describing a university with HP printers being used as a jump point? I can't find it anywhere.

Nothing new here (1)

onyxruby (118189) | more than 2 years ago | (#38205218)

When I first toyed with Linux in the 90's I smoked a monitor by setting the refresh rate higher than it would support. Whilst it hasn't been possible to do this in many years you could have likewise called that just as much of an attack as this printer issue.

People discover printers, copiers and so on are really just dedicated computers and attack them. If your a professional and your surprised something like this is happening than you've just outed yourself as incompetent.

Why is this a news?

Re:Nothing new here (1)

skids (119237) | more than 2 years ago | (#38205366)

Why is this a news?

Because it's news to the layperson. You know, the one who owns a printer but doesn't know the difference between a parallel port and a serial port. They just assume the devices are "safe" because they are sold casually.

Re:Nothing new here (3, Interesting)

jd (1658) | more than 2 years ago | (#38205696)

The truly important news that everyone so far has missed is that the original submission had a typo that the editors fixed. THAT is absolutely staggering news!

Re:Nothing new here (1)

onyxruby (118189) | more than 2 years ago | (#38205906)

Good catch, you should submit that as a news story! Slashdot editor edits news story. Just make sure you submit the story with your own typo.

I'm the guy who responded to their user feature request a few months back with a request that they hire a professional editor...

Filed under 'Possible, But Unlikely' (2)

ackthpt (218170) | more than 2 years ago | (#38205220)

While this may be attractive to drunken programmers, it's not something I expect evul terrerists to perpetrate or nefarious crackers, who are far more interested in stealing your money.

Re:Filed under 'Possible, But Unlikely' (0)

Anonymous Coward | more than 2 years ago | (#38205392)

The Anonymous group would be all on this. Even though it doesn't quite let them detonate vans from the internet.

researchers find attack vector known for 20 years (4, Informative)

rubycodez (864176) | more than 2 years ago | (#38205224)

This has been known and demonstrated since the early 1990s. Moreover, Tom Clancy used this type of attack as plot device in one of his novels, in the 90s.

4 Windows users? Should be EZ 2 stop (0)

Anonymous Coward | more than 2 years ago | (#38205758)

Turn off File & Print sharing (or even easier, stop the local server service via services.msc).

After all - If you're not using a networked system at home, & just a single "stand-alone" machine hooked into the internet ONLY/especially, then, it's a service you don't need running in the 1st place even really & this can secure you vs. this type of attack!

Or, @ least "common-sense" says it should!

(Plus, you're hurting performance (if not your electric bill too), by wasting CPU cycles, RAM, & other forms of I/O running the server service on a stand-alone home system that isn't networked to others @ your home, because unless you're doing that? You don't need it in the 1st place (as well as making yourself vulnerable to file share + printer attacks like this one appears to be, by running the local server service (services.msc))).

* Feel free to correct me IF I am off/wrong on the mechanics this thing uses, because I didn't read the article yet, but since it's doubtless using printer shares to do it's dirty work, this SHOULD work vs. it...

APK

P.S.=> After all, if you're NOT "soliciting shares/printers", there's NOTHING TO "GRAB AHOLD OF" for this thing to attack you with!

NOW: IF you have to share disks/files/folders/printers? Be sure you CHECK WHO YOU ARE SHARING THEM TO (users/groups)!

This all should work as an option for those of you that DO share things on a home LAN etc./et al... apk

Re:4 Windows users? Should be EZ 2 stop (0)

Anonymous Coward | more than 2 years ago | (#38206044)

So it is using a print job to do the "dirty work". It has nothing to do with the drivel you've posted. If the printer is connected to the computer in a way that allows it to print (USB / parallel port / direct IP printing, etc.), then a print job can make this happen. You just need the social engineering to get them to print something. Perhaps one of those "print this for your records" things on a web page.

Now, it also seems a HOST FILE might be a great exploit here too.

I said I didn't RTFA yet (0)

Anonymous Coward | more than 2 years ago | (#38206180)

As I said in my init. post U replied to: I didn't RTFA @ that point & asked for correction in fact were I 'off' see my p.s. below in fact for evidence to that effect!

Which I am glad you supplied some correction to me on more of the exact mechanics of this thing in fact, but!

I did read it later & still am in fact, but I wrote later here http://it.slashdot.org/comments.pl?sid=2549930&cid=38206082 [slashdot.org] that I saw it had to do something with things like HP has (JET DIRECT boards) & ones set to allow "remote updates" & now I see it also has USB issues.

APK

P.S.=> Still, I asked for correction in my init. post here:

"* Feel free to correct me IF I am off/wrong on the mechanics this thing uses, because I didn't read the article yet," - by Anonymous Coward on Tuesday November 29, @02:37PM (#38205758) FROM http://it.slashdot.org/comments.pl?sid=2549930&cid=38205758 [slashdot.org]

... apk

Ok - RTFA (correcting myself) (0)

Anonymous Coward | more than 2 years ago | (#38206082)

Before anyone corrects me, as I asked for in my last post since I didn't RTFA?

Well - it seems this is a problem in "remote update" settings in stuff like HP "Jet Direct" boards, not printers hooked right into a PC directly & shared that way thru said PC!

NOW - It's been a LONG TIME since I last used one of those "Jet Direct" cards on HP Stuff... but iirc, you can set SECURITY on who accesses those, just like you can with printers hooked into a PC directly, correct?

(Pretty much as I stated in my last posting via stalling File & Print sharing thru said PC to the printer attached to it, or watching what users/groups CAN do so, if not stalling the server service period (for lone single systems @ home that aren't networked to other PC's there or printers, etc.)).

APK

P.S.=> The whole idea of "remote updates" is FINE, but only IF you can LIMIT who can do so, so again my question from above - CAN this be done in HP "Jet Direct" cards (or other printer oem's printer boards for sharing)?... apk

Re:researchers find attack vector known for 20 yea (1)

DeadCatX2 (950953) | more than 2 years ago | (#38205806)

If this vector has been known for so long, why is it still wide open? Why does the HP printer check for firmware updates at the outset of every print job? Why were their printers not verifying digital signatures until just two years ago?

The fact that modern printers are susceptible to this attack is still a cause for alarm.

Re:researchers find attack vector known for 20 yea (3, Informative)

skids (119237) | more than 2 years ago | (#38206054)

It's not that the printer checks for firmware at the outset of every job, it's that there is an interactive interpreter which has at its disposal such handy commands as "udw_write_mem" allowing you to scribble all over the printer's memory space and "udw_srec_upload" which imports an SREC with new firmware and jumps to the provided execute address. Also plenty of things for moving print heads, checking hardware state, and managing nvram variables. So the payload can be embedded anywhere in the print job. FWIW.

Re:researchers find attack vector known for 20 yea (1)

DeadCatX2 (950953) | more than 2 years ago | (#38206184)

Ah, thanks for the info.

I'm having a hard time deciding what's worse; constantly checking for updates without user consent (what I initially thought), or the ability for a random print job to scribble all over the printer's memory (what I know now).

I think I'm going to have to go with "scribbling all over the printer's memory". That is freaking scary. And it completely bypasses the digital signature check.

Re:researchers find attack vector known for 20 yea (1)

blair1q (305137) | more than 2 years ago | (#38205914)

Immediately made me think of the story that came up during the First Gulf War of American cyberwarriors doing this to Saddam's printers, putatively with the result that they could read everything his commanders were printing out.

No telling if it was true (and likely it was apocryphal because this is the sort of hack that stays top secret for as long as it works; see the story of the WW1 invisible ink recipe [telegraph.co.uk] that remained classified for nearly a century), but it was certainly plausible.

Bahahahahaaa!!! (0)

Anonymous Coward | more than 2 years ago | (#38205310)

Little do they know that I gave Bre Pettis 2600$ for a stolen design that consists of a glue gun at the end of a stepper motor! That's the future! If my laser printer fails, I'll just 3D print a new one! AHHHH haha ahahahahahahhahahaaa!!!!

Maybe. (3, Interesting)

jd (1658) | more than 2 years ago | (#38205314)

Since we know that darknets of zombie machines are the "in thing", it would seem more obvious for printer hackers to expand such darknets to other devices. The CPU power isn't massive, but you don't need much to be able to send spam, push virus updates to infected machines, etc. Malicious attacks for the purpose of causing actual damage are relatively far and few between compared to hijacking of systems for remote use.

That doesn't mean there are no cases of malicious attacks. Even in situations where I'm sympathetic to the principle espoused, I'd still consider almost all hacktivism to be malicious in nature. (The "almost" is because there are bound to be exceptions to any rule.) Hacktivism has been on the rise, including by nation states, and in some such cases physical damage is already the goal. That is bound to get worse.

Re:Maybe. (0)

Anonymous Coward | more than 2 years ago | (#38205728)

Since we know that darknets of zombie machines are the "in thing", it would seem more obvious for printer hackers to expand such darknets to other devices. The CPU power isn't massive, but you don't need much to be able to send spam, push virus updates to infected machines, etc.

Even worse, just imagine them getting control of your printer and, essentially, 'faxing' you endless letters from Nigerian princes.

More likely (4, Informative)

MobyDisk (75490) | more than 2 years ago | (#38205396)

Instead of burning the printer, I would more worry about someone logging all the print jobs. Long ago I joked with some coworkers that this wouldn't be too tough on a typical Windows network. Just change your IP address or machine name to match the printer, and you could intercept the jobs. I wanted to insert spelling errors or Dilbert comics into the document. But someone could be malicious and send the information to a competitor or a hedge fund.

Sure... (0)

Anonymous Coward | more than 2 years ago | (#38205418)

And the motivation of that would be? Most virus, nowadays, are meant to profit it's creator in some way like turning the computer into a bot or stealing information. The majority of times, destruction is NOT a desired outcome. Those that are, are by far the minority and either done for the lulz (few would spend so much time on such a thing as there is no gain from it), or as a targeted attack (in which most people do not have to worry about it).

Now, is it possible to steal information that printed from the printer? Seem possible but a bit limiting compared to what many can do already.

Gah. (4, Informative)

richie2000 (159732) | more than 2 years ago | (#38205434)

the printer’s fuser – which is designed to dry the ink once it’s applied to paper

Stupid submitter makes my head hurt.

There is no ink in laser printers. There is toner, a bone-dry powder that is fused to the paper by the fuser, generally a very warm cylinder.

Ink-jet printers use ink, but those droplets are so small they dry into the paper without having to be heated.

Facts, use them.

Re:Gah. (0)

Anonymous Coward | more than 2 years ago | (#38205870)

This made me cringe as well. I often get calls from users that the 'big copier is out of ink', but from somebody posting on a tech site? Keelhauled at sundown.

Re:Gah. (1)

skids (119237) | more than 2 years ago | (#38206076)

They were only quoting TFA, which was written by a journalist at MSNBC, so lets give credit where credit is due.

Re:Gah. (0)

Anonymous Coward | more than 2 years ago | (#38206120)

The fuser is normally 2 cylinders, a heat roller and a pressure roller. The pages pass between these two rollers to fuse toner to the page.

Re:Gah. (1)

ThatsMyNick (2004126) | more than 2 years ago | (#38206150)

There is no ink in laser printers. There is toner, a bone-dry powder that is fused to the paper by the fuser

http://en.wikipedia.org/wiki/Ink [wikipedia.org]

Re:Gah. (1)

_0xd0ad (1974778) | more than 2 years ago | (#38206352)

First words in that article: Ink is a liquid or paste.

If it's completely dry, it's not ink.

Re:Gah. (1)

ThatsMyNick (2004126) | more than 2 years ago | (#38206458)

The toner powder is a paste. It is not dry enough to be not considered a paste. That is, you can apply pressure on them to turn it into clay like substance.

Re:Gah. (0)

Anonymous Coward | more than 2 years ago | (#38206604)

from the wiki:

"Hot or warm water softens the toner, causing it to bond in place."

Heat softens the polymers in the powder particles, allowing them to stick/bond to each other. The heat from your fingers combined with heat generated by compression is enough to fuse it together. If you agitate toner within a non-opaque container, you'll see that the particles flow almost as well as a liquid. If there was any moisture involved, it would stick and lump together.

Re:Gah. (1)

fuzznutz (789413) | more than 2 years ago | (#38206398)

Still hard to get around that quote that the fuser is designed to "dry" that toner/ink. GP is correct. The "journalist" is an idiot.

Re:Gah. (0)

Anonymous Coward | more than 2 years ago | (#38206612)

You lose. Toner is ink.

Re:Gah. (0)

Anonymous Coward | more than 2 years ago | (#38206614)

I completely agree here, but there are in fact, some ink jet printers that have a small heating element to warm the paper just under the print head. It is used mostly on the high speed color ink jets.

...seriously? (0)

Anonymous Coward | more than 2 years ago | (#38205466)

I hope these "researchers" weren't paid.

Re:...seriously? (1)

skids (119237) | more than 2 years ago | (#38205776)

Visit their pages at Columbia. They have numerous papers on embedded device security. Having someone who is an authority on the subject to do things like serve as expert witnesses, testify to legislative bodies, and advise project managers is worthwhile. Not all "research" has to be astonishingly groundbreaking.

Has anyone hacked a JetDirect card to run an OS? (2)

swb (14022) | more than 2 years ago | (#38205484)

Some of the larger LaserJets supported two JetDirect cards. If you could make a JetDirect card run an OS, I can see a scenario like:

1) Go to company X as printer tech on fake service call
2) Install hacked JetDirect card as secondary device, connect to network
3) ????
4) Profit!

Re:Has anyone hacked a JetDirect card to run an OS (1)

skids (119237) | more than 2 years ago | (#38205552)

At least one HP MFP that I have played with can load a firmware upgrade off a camera flash card. You have to hold a button down during boot, but it would only take a couple minutes of alone time with the device and you wouldn't have to touch the target machine at all. Then all you need is the code to crash the printer driver on the target machine, the code for which is generally not hardened because it expects the printer to behave itself.

Re:Has anyone hacked a JetDirect card to run an OS (1)

hawguy (1600213) | more than 2 years ago | (#38205638)

Some of the larger LaserJets supported two JetDirect cards. If you could make a JetDirect card run an OS, I can see a scenario like:

1) Go to company X as printer tech on fake service call
2) Install hacked JetDirect card as secondary device, connect to network
3) ????
4) Profit!

If you can hack a Jetdirect card and gain physical access to the printer, why install a second one? Just upload your hacked firmware to the primary Jetdirect card and you're done. Just have it transparently pass print jobs to the printer while it does whatever nefarious activity you've programmed it to do. No need to hope that your target printer has a second Jetdirect slot, and no need to find a second network port to plug your hacked card into.

Re:Has anyone hacked a JetDirect card to run an OS (1)

jd (1658) | more than 2 years ago | (#38205738)

That means that you can remove a bridge from the system since you could write a firmware image that supported Xorp or Quagga. If a JetDirect card uses chips supported under LinuxBIOS^WCoreboot, then you can load an OS on it.

Better than destroying the printer (1)

RPGillespie (2478442) | more than 2 years ago | (#38205522)

Would be having it print out big black squares or troll faces until the toner runs out.

Re:Better than destroying the printer (1)

PPH (736903) | more than 2 years ago | (#38205588)

What's the matter? Don't have a four year old in your house?

Worse than secret codes on each page? (0)

Anonymous Coward | more than 2 years ago | (#38205628)

At least when your printer is hacked you can re-flash or dispose of it. What do you do when the printer itself is the problem?

https://w2.eff.org/Privacy/printers/docucolor/

Nothing New (0)

Anonymous Coward | more than 2 years ago | (#38205654)

The idea of using printers as a platform for attacks is not new. Every 6 months or so someone posts an artical about how dangerous (open) network printers are. The fact is nothing will be done about them until something something signifigant gets out there in the wild. For now the attitude is "It's just a printer. Come back when you have something important for me"

doh (0)

Anonymous Coward | more than 2 years ago | (#38205670)

Imagine finding your Ricoh devices building an SSL tunnel to a foreign country and as the
device owner, they don't bother to give you the keys. Not good on a govt contract printer.

sniffing for weird certs is worth while these days.

Seriously... this is old news... (1)

Mysticalfruit (533341) | more than 2 years ago | (#38205694)

Wasn't there a network attached printer that had a small nas device built into it a couple of years ago and the nas contained infected printer drivers? There are all kinds of stories about printers being used as vectors of attack for isolated networks.

I guess this research just goes from the realm of allegory to the realm of reality.

At this point, if you're not treating every device you attach to your network as a potential threat... you're doing it wrong.

A Dying Medium Becomes Attack Vector??? (1)

DiabolicallyRandom (2449482) | more than 2 years ago | (#38205882)

Seriously - this is about as big news as saying Windows XP is going to be an increasing attack vector. Printers are a generally *dying* medium. The company where I work (a health insurance company) has put severe restrictions on what you are even allowed to print, and every print job is via secure keycard release - privacy regulations and all - but the main driving factor was actually cost savings - they have a target for our internal operations to be "functionally paperless" by 2014 - meaning the only "paper" printed will be for legal requirements, such as signed contracts, etc. Printers are dying slowly - in 10 years I don't imagine most homes will even have printers anymore - I have a laser printer, and a color inkjet, and both rarely if ever get used. This is all of course just my opinion - feel free to disagree/hate me/show me evidence to the contrary/downvote me/etc

Ignoring the real problem (1)

kheldan (1460303) | more than 2 years ago | (#38206160)

If your intranet is so poorly protected that an attacker can access it from the outside, then the printer is not the real problem and I'd almost say you get what you deserve. Make sure you've got an adequate firewall, and password protect your printer.

Re:Ignoring the real problem (1)

_0xd0ad (1974778) | more than 2 years ago | (#38206400)

The point isn't that the network is poorly protected. The point is that someday grandma or grandpa is going to get a virus that infects their printer and you're probably going to completely overlook it when you try to clean their system.

Re:Ignoring the real problem (1)

Bert64 (520050) | more than 2 years ago | (#38206698)

Assuming an attacker has got into the network, one of their goals is to stay there...
Who would suspect the printer as a jumpoff point?

Also, who's going to check a printer for malware before installing it? You could intercept shipment of a printer before it was delivered, load malware on it and wait for them to connect it to the network... You could even contact the victim offering them a really good deal on a printer, wouldnt be hard to convince them to connect it to the network.

It makes a lot of sense to isolate printers on their own vlan, behind a print server that all print jobs must be routed through... More control, and more protection from compromised printers (and also makes it harder for malicious users on the main network from messing with the printers directly).

Wasn't printer firmware an attack vector earlier? (0)

Anonymous Coward | more than 2 years ago | (#38206172)

I seem to recall a whole scandal over the revelation that the US tried information warfare via chips installed in printers and fax machines back as early as 1991 during the Gulf War.
 

Already been done (1)

Baloo Uriza (1582831) | more than 2 years ago | (#38206254)

Reminds me of how the Air Force got intel on Iraq during Desert Storm. "Ssh, we secretly switched this laser printer shipment with one that has compromised firmware. Let's see if they notice the Americans are getting a copy of every document it prints!"

NAT and IPV6 (2)

Joe_Dragon (2206452) | more than 2 years ago | (#38206708)

This is why even with IPv6 you may still want to use NAT.

1. to stop people from just scanning the net for printers and wasting ink

2. to make hacks like this harder to pull off.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...