Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners

← Back to Stories (view on slashdot.org)

Chinese Hackers Infiltrate Firms Using Malware-Laden Handheld Scanners

Posted by timothy on Friday July 11, 2014 @06:33PM from the location-location-location dept.

wiredmikey (1824622) writes China-based threat actors are using sophisticated malware installed on handheld scanners to target shipping and logistics organizations from all over the world. According to security firm TrapX, the attack begins at a Chinese company that provides hardware and software for handheld scanners used by shipping and logistics firms worldwide to inventory the items they're handling. The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.

Experts determined that the threat group targets servers storing corporate financial data, customer data and other sensitive information. A second payload downloaded by the malware then establishes a sophisticated C&C on the company's finance servers, enabling the attackers to exfiltrate the information they're after. The malware used by the Zombie Zero attackers is highly sophisticated and polymorphic, the researchers said. In one attack they observed, 16 of the 48 scanners used by the victim were infected, and the malware managed to penetrate the targeted organization's defenses and gain access to servers on the corporate network. Interestingly, the C&C is located at the Lanxiang Vocational School, an educational institution said to be involved in the Operation Aurora attacks against Google, and which is physically located only one block away from the scanner manufacturer, TrapX said.

5 of 93 comments (clear)

Min score:

Reason:

Sort:

Problem traced by invictusvoyd · 2014-07-11 18:43 · Score: 5, Insightful

The Chinese manufacturer installs the malware on the Windows XP operating systems embedded in the devices.
1. Re:Problem traced by drinkypoo · 2014-07-11 23:02 · Score: 4, Interesting
  
  I wonder what happened to the habit of making embedded systems simple and transparent...
  I remember some 20 years ago a friend of mine was telling me that sooner or later, your microwave would have a whole operating system on it, even though it only performed simple tasks. It was already cheaper even then to use a MCU over discrete logic for many devices which were not staggeringly complex. It's about development time. As long as we fail to demand quality, we will continue to get what is convenient to produce in quantity. Pity about quality.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
2. Re:Problem traced by plover · 2014-07-11 23:32 · Score: 4, Informative
  
  The "scanner" portion of these devices is typically an embedded system that drives a hardware sensor, and speaks USB out the back side. You could probably open one up, solder a cable to the right points on the scanner board, and you'd have exactly the simple and transparent scanner you requested.
  But because the business wants a truckload (no pun intended) of functionality out of these scanners, they need it to have more capabilities. First, it needs to be on the network, or it won't give them any benefit. Next, it needs to be multi-tasking so it can display alerts, etc. Its primary task may be to inventory the stuff coming off a truck, its other tasks may include assigning work items to line employees, displaying alerts on the supervisors' screens, punching the timeclock for breaks, and possibly even employee email. To a lot of businesses, a browser based interface lets them run whatever kind of functions they want, without the expense of continually pushing a bunch of apps out to a bunch of random machines. So taking all that together, embedded XP is one (bloated) way of meeting all that.
  So while the scanner itself is simple, it's the rest of the hardware in the device that was infested with XP and other malware.
  
  --
  John
Backtrack the financials... by Etherwalk · 2014-07-11 18:49 · Score: 4, Interesting

Check for uncanny puts and calls on the market before earnings reports come out that can be traced to related parties...
Re:China-based threat actors by toejam13 · 2014-07-11 19:32 · Score: 5, Informative

They are probably using Windows XP Embedded (XPe), which is a customizable version of the OS. Customers can strip the OS down to only the components they need, significantly reducing the footprint of the OS.
XPe benefits from being able to use standard XP hardware drivers. Sometimes a driver simply isn't available for Linux, QNX, VxWorks or other embedded OSes. That's one reason that OS/2 based ATMs are disappearing - not because of security, but because drivers for newer card readers don't exist.
Lastly, you'd be surprised at what a modern scanner looks like. It doesn't just read barcodes and go beep. My workplace uses scanners for inventory tracking, and they come with a full GUI where we can associate new parts with a chassis, report drives being shredded, and just about anything you can think of inventory related.