Slashdot Mirror
Printers Could Be the Next Attack Vector
New submitter rcoxdav writes "Researchers have found that the upgradeable firmware on some laser printers can be easily updated and compromised. The updated firmware could then be used to do anything from overheating the printer to compromising a network. Quoting: 'In one demonstration of an attack based on the flaw, Stolfo and fellow researcher Ang Cui showed how a hijacked computer could be given instructions that would continuously heat up the printer’s fuser – which is designed to dry the ink once it’s applied to paper – eventually causing the paper to turn brown and smoke. In that demonstration, a thermal switch shut the printer down – basically, causing it to self-destruct – before a fire started, but the researchers believe other printers might be used as fire starters, giving computer hackers a dangerous new tool that could allow simple computer code to wreak real-world havoc.'"
Yeah right, my printer could not possibly bring my networ
http://en.wikipedia.org/wiki/Lp0_on_fire
You have been able to use HP jetdirect printers as an attack vector for decades.
IT seems that Computer security is not remembering how attacks were happening from the 90's and earlier.
Hell you could make Xerox solid ink printers burn the paper by sending them a corrupted PDF. it would stop in mid print with the paper on the drum and under the fixer running full power.
Do not look at laser with remaining good eye.
Like every 3d printer in a major manufacturing installation hacked and reconfigured to manufacture 3d-cast giant cocks ... Can you imagine how will the plant manager feel after ending up with a warehouse full of cocks ?
Read radical news here
A printer was pirating its stuff!
How about a less sensational headline like: "Printer firmware opens attack vector".. or something.
It's not new. Computer hackers have had that ability for decades upon decades. It's called HCF: Halt and Catch Fire.
When our name is on the back of your car, we're behind you all the way!
While this may be attractive to drunken programmers, it's not something I expect evul terrerists to perpetrate or nefarious crackers, who are far more interested in stealing your money.
A feeling of having made the same mistake before: Deja Foobar
This has been known and demonstrated since the early 1990s. Moreover, Tom Clancy used this type of attack as plot device in one of his novels, in the 90s.
I've had a working uC-Linux demo for HP Deskjets available for a couple of years now (see my sig.) My intent was to open the systems up for robotics use and give robotics students a system cheap enough to allow them to take their lab projects home with them when the class was over. I don't work on it much anymore, as there hasn't been much interest, and it's boring doing it without any users to support.
I didn't approach lasers mostly because they have less to offer for this purpose, and also due to concerns over the safety issues, but some of the same tricks on my wiki page probably work on the older/cheaper HP personal lasers.
Could a deskjet be made to burn? Well, from playing with the stepper motor in the ink tray, I can definitely get that to heat up pretty good, not to mention draw enough current to force the device to reboot. Not that that was my intent.
I doubt the thermal management on deskjets is as thorough as on lasers, so yes, there's a potential for danger there. While a fusor might have a thermistor, that is only because it is an obvious danger. Sending the right bit pattern into motor drive circuits could heat up components, and AFAICT the only thermometers in the deskjets are far away on the print head daughterboard.
(Not yet published on github is my work on a slightly newer ARM-based copy/printer/scanner where I have a booting kernel already, but the toolchain is very hard to build and USB driver is still very dicey.)
Someone had to do it.
Since we know that darknets of zombie machines are the "in thing", it would seem more obvious for printer hackers to expand such darknets to other devices. The CPU power isn't massive, but you don't need much to be able to send spam, push virus updates to infected machines, etc. Malicious attacks for the purpose of causing actual damage are relatively far and few between compared to hijacking of systems for remote use.
That doesn't mean there are no cases of malicious attacks. Even in situations where I'm sympathetic to the principle espoused, I'd still consider almost all hacktivism to be malicious in nature. (The "almost" is because there are bound to be exceptions to any rule.) Hacktivism has been on the rise, including by nation states, and in some such cases physical damage is already the goal. That is bound to get worse.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Instead of burning the printer, I would more worry about someone logging all the print jobs. Long ago I joked with some coworkers that this wouldn't be too tough on a typical Windows network. Just change your IP address or machine name to match the printer, and you could intercept the jobs. I wanted to insert spelling errors or Dilbert comics into the document. But someone could be malicious and send the information to a competitor or a hedge fund.
the printer’s fuser – which is designed to dry the ink once it’s applied to paper
Stupid submitter makes my head hurt.
There is no ink in laser printers. There is toner, a bone-dry powder that is fused to the paper by the fuser, generally a very warm cylinder.
Ink-jet printers use ink, but those droplets are so small they dry into the paper without having to be heated.
Facts, use them.
Money for nothing, pix for free
Some of the larger LaserJets supported two JetDirect cards. If you could make a JetDirect card run an OS, I can see a scenario like:
1) Go to company X as printer tech on fake service call
2) Install hacked JetDirect card as secondary device, connect to network
3) ????
4) Profit!
The truly important news that everyone so far has missed is that the original submission had a typo that the editors fixed. THAT is absolutely staggering news!
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It's not that the printer checks for firmware at the outset of every job, it's that there is an interactive interpreter which has at its disposal such handy commands as "udw_write_mem" allowing you to scribble all over the printer's memory space and "udw_srec_upload" which imports an SREC with new firmware and jumps to the provided execute address. Also plenty of things for moving print heads, checking hardware state, and managing nvram variables. So the payload can be embedded anywhere in the print job. FWIW.
Someone had to do it.
This is why even with IPv6 you may still want to use NAT.
1. to stop people from just scanning the net for printers and wasting ink
2. to make hacks like this harder to pull off.
I think this is ridiculous. They've been talking about "paperless offices" for decades now, and it hasn't happened yet. In fact, there's now tons of low-end laser printers aimed at the home market, costing about $100; this was unheard of 15+ years ago, when laser printers were always quite expensive.
There'll always be things people and businesses will want printers for. Anyone who needs a job has to be able to print a resume, for instance. It doesn't look good going for a job interview and not having a few copies of your resume with you to give the person interviewing you (usually they've already seen a copy you emailed them, but half of them IME invariably forget to bring it to the interview). Anyone with a business serving customers has to be able to print receipts, invoices, packing lists, mailing labels, etc.