Slashdot Mirror

← Back to Stories (view on slashdot.org)

Printers Could Be the Next Attack Vector

Posted by Soulskill on from the pc-load-letter-what-does-that-mean dept.

New submitter rcoxdav writes "Researchers have found that the upgradeable firmware on some laser printers can be easily updated and compromised. The updated firmware could then be used to do anything from overheating the printer to compromising a network. Quoting: 'In one demonstration of an attack based on the flaw, Stolfo and fellow researcher Ang Cui showed how a hijacked computer could be given instructions that would continuously heat up the printer’s fuser – which is designed to dry the ink once it’s applied to paper – eventually causing the paper to turn brown and smoke. In that demonstration, a thermal switch shut the printer down – basically, causing it to self-destruct – before a fire started, but the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.'"

7 of 175 comments (clear)

  1. Re:Yeah right! by ColdWetDog · · Score: 5, Interesting

    Arrh!!! Ip0 on Fire!

    What is new, is old.

    --
    Faster! Faster! Faster would be better!
  2. HCF by camperdave · · Score: 3, Interesting

    ...the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.

    It's not new. Computer hackers have had that ability for decades upon decades. It's called HCF: Halt and Catch Fire.

    --
    When our name is on the back of your car, we're behind you all the way!
  3. Re:Yeah right! by ackthpt · · Score: 3, Interesting

    Arrh!!! Ip0 on Fire!

    What is new, is old.

    We had files we could send to our old impact lineprinter which could play music. Hell on ribbons, so save these sources of amusement for the day you were changing the ribbon anyway.

    --

    A feeling of having made the same mistake before: Deja Foobar
  4. You laugh but... by skids · · Score: 4, Interesting

    ...printers are rather more perniciously distributed into fire-prone environments these days than from back then, and though the journalists did their usual job of munging the information so it's inaccurate and sounds sensationalistic, there's actual potential for damage to be done here.

    I've had a working uC-Linux demo for HP Deskjets available for a couple of years now (see my sig.) My intent was to open the systems up for robotics use and give robotics students a system cheap enough to allow them to take their lab projects home with them when the class was over. I don't work on it much anymore, as there hasn't been much interest, and it's boring doing it without any users to support.

    I didn't approach lasers mostly because they have less to offer for this purpose, and also due to concerns over the safety issues, but some of the same tricks on my wiki page probably work on the older/cheaper HP personal lasers.

    Could a deskjet be made to burn? Well, from playing with the stepper motor in the ink tray, I can definitely get that to heat up pretty good, not to mention draw enough current to force the device to reboot. Not that that was my intent.

    I doubt the thermal management on deskjets is as thorough as on lasers, so yes, there's a potential for danger there. While a fusor might have a thermistor, that is only because it is an obvious danger. Sending the right bit pattern into motor drive circuits could heat up components, and AFAICT the only thermometers in the deskjets are far away on the print head daughterboard.

    (Not yet published on github is my work on a slightly newer ARM-based copy/printer/scanner where I have a booting kernel already, but the toolchain is very hard to build and USB driver is still very dicey.)

    --
    Someone had to do it.
  5. Maybe. by jd · · Score: 3, Interesting

    Since we know that darknets of zombie machines are the "in thing", it would seem more obvious for printer hackers to expand such darknets to other devices. The CPU power isn't massive, but you don't need much to be able to send spam, push virus updates to infected machines, etc. Malicious attacks for the purpose of causing actual damage are relatively far and few between compared to hijacking of systems for remote use.

    That doesn't mean there are no cases of malicious attacks. Even in situations where I'm sympathetic to the principle espoused, I'd still consider almost all hacktivism to be malicious in nature. (The "almost" is because there are bound to be exceptions to any rule.) Hacktivism has been on the rise, including by nation states, and in some such cases physical damage is already the goal. That is bound to get worse.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  6. Re:Nothing new here by jd · · Score: 3, Interesting

    The truly important news that everyone so far has missed is that the original submission had a typo that the editors fixed. THAT is absolutely staggering news!

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  7. Bad info by pubwvj · · Score: 1, Interesting

    The purpose of the fuser heater/roller is not to dry the toner but to heat the toner to melt it and fuse it with pressure to the paper. It is NOT a drying process.

    It is also not liquid INK it is TONER. These are laser printers using a dry process.

    I actually invented some of the laser printer toners so I have some familiarity with these issues. I wish the writers would cover their topics better.