I attended this talk yesterday, and it was by far the best talk I attended at defcon26. The researchers did some amazing work to get this exploit. You can get the full tale of hackery at the link above, but here's my (probably/mostly correct) summary:
At some point, the fax standard was amended to include support for JPGs, in order to allow full-color faxes
As the researchers wrote in the above-linked blog article, "For some unknown reason, firmware developers tend to re-implement modules that are already implemented in major popular open sources. This means that instead of using libjpeg [ref.13], the developers implemented their own JPEG parser."
When the All-in-One device receives a JPG fax, it stores the whole JPG file in local storage (on disk, essentially). This differs from how it processes TIFF files, where the headers and image data are separated. Because the whole JPG file is stored as a normal file, it gives the attacker a platform from which to operate.
The firmware-developer-implemented JPG parser has a number of bugs, including buffer overflow vulnerabilities in the COM (CVE-2018-5925) and DHT (CVE-2018-5924) markers. It turned out the bug in the DHT marker parser was the easier one to exploit.
Exploiting the DHT marker parser buffer overflow gets them arbitrary code execution. The code they want to execute is stored in the remainder of the JPG file. Because the OS on these All-in-One devices has no security controls and everything runs with highest privileges, they were able to use this ability to overwrite the LCD screen (to visually prove pwnage) and then to use the EternalBlue and DoublePulsar exploits (which they managed to squeeze into the ~4000 byte payload they had available in the JPG file) to start attacking other hosts on the network. Since these All-in-One devices tend to be connected to the office network (else, it's hard to print on them), this presents an excellent jumping-off point for attacks.
All in all (all-in-one?) this was some amazing research and the full article is well worth a read.
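The DHT marker is the one the summary above says was exploited, so here is what a bounds-checked DHT segment parser looks like, as an added example that is not code from the Check Point write-up or from the device firmware. It follows the DHT layout from the JPEG spec (length field, then per table a class/id byte, 16 code-length counts, and at most 256 symbols); the struct layout, function names and the two constructed sample segments are my own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define MAX_HUFF_ID      4    /* Th: 0..3 (baseline JPEG only allows 0..1) */
#define MAX_HUFF_SYMBOLS 256  /* a Huffman table can define at most 256 symbols */
typedef struct {
    uint8_t counts[16];                /* Li: number of codes of each length 1..16 */
    uint8_t symbols[MAX_HUFF_SYMBOLS]; /* Vij: symbol values, in code order */
    int total;
} huff_table_t;
typedef struct { huff_table_t tables[2][MAX_HUFF_ID]; } huff_state_t; /* [Tc][Th] */

/* Parse one DHT (0xFFC4) segment: `seg` points at the 2-byte length field after
 * the marker, `avail` is how many bytes remain. Returns 0 on success, -1 on any
 * malformed input; only fully validated tables are written into `st`. */
int parse_dht(const uint8_t *seg, size_t avail, huff_state_t *st)
{
    if (avail < 2) return -1;
    size_t len = ((size_t)seg[0] << 8) | seg[1];         /* Lh includes itself */
    if (len < 2 || len > avail) return -1;               /* Lh points past the buffer */
    const uint8_t *p = seg + 2, *end = seg + len;
    while (p < end) {
        if ((size_t)(end - p) < 17) return -1;           /* need Tc/Th byte + 16 counts */
        unsigned tc = p[0] >> 4, th = p[0] & 0x0F;
        if (tc > 1 || th >= MAX_HUFF_ID) return -1;      /* id would index out of bounds */
        size_t total = 0;
        for (int i = 0; i < 16; i++) total += p[1 + i];
        /* Counts are attacker-controlled and can sum to 16*255 = 4080; a fixed
         * 256-byte symbol buffer must reject anything larger before copying. */
        if (total > MAX_HUFF_SYMBOLS) return -1;
        if ((size_t)(end - p) < 17 + total) return -1;   /* symbol list truncated */
        huff_table_t *t = &st->tables[tc][th];
        memcpy(t->counts, p + 1, 16);
        memcpy(t->symbols, p + 17, total);
        t->total = (int)total;
        p += 17 + total;
    }
    return 0;
}
/* Constructed sample: well-formed DC table 0 with two codes (lengths 1 and 2). */
static const uint8_t dht_ok[] = { 0x00, 0x15, 0x00,
    1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x01 };
int demo_valid(void)     { huff_state_t st = {0}; return parse_dht(dht_ok, sizeof dht_ok, &st); }
int demo_truncated(void) { huff_state_t st = {0}; return parse_dht(dht_ok, 10, &st); }
/* Constructed sample: Lh is self-consistent, but the 16 counts sum to 272 symbols. */
int demo_oversized(void)
{
    uint8_t buf[291] = {0}; huff_state_t st = {0};
    buf[0] = 0x01; buf[1] = 0x23; buf[2] = 0x10;  /* Lh = 291, AC table 0 */
    memset(buf + 3, 17, 16);                      /* 16 * 17 = 272 symbols > 256 */
    return parse_dht(buf, sizeof buf, &st);
}
```

The oversized case is the interesting one: its length field is perfectly consistent, so a parser that only checks Lh and then trusts the counts still copies past a 256-byte table.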
All of the major WiFi equipment vendors (Cisco, Aruba, etc.) have offered this for some time -- though they don't claim anywhere near the MIT Lab's level of accuracy. For instance, Aruba calls their offering "ALE" or Aruba Location Engine. It sits as a separate virtual appliance and communicates to the central WiFi controller (AirWave in their parlance) or to the individual APs if they are operating in autonomous mode. It gets signal strength indications for each WiFi and Bluetooth antenna in range of the APs (note: *not* just those devices that are associated with the WiFi networks served by said APs) and feeds that into ALE. From there, you can map out the devices. Both Cisco's and Aruba's products have very extensive APIs to access this info.
Maybe they can enhance their offerings with MIT's new technology and get the location resolution improved a bit. For now, in the wild, it's often difficult to get a station (i.e. device) location down to better than a range of 3-10 meters.
I spent $1800 on an extended warranty for my car. The warranty lasts for 6 years or 100,000 miles, which is pretty much the length of time I want to keep the car (98 Audi A4). In the few months since I've purchased it, I've already had more than $1800 worth of work done, total cost to me was $100 (2x$50 deductible).
I don't think that extended warranties make sense for devices that rapidly become obsolete, or that have a fairly short usable life. The exception would be extended warranties that let you bring in the now-obsolete device and receive a significant credit back. For larger purchases, and purchases whose usable life is longer, or purchases where the cost to repair would be high, I think it makes a great deal of sense.
It's all a numbers game. If you think the odds are in your favor, jump on it. If not, you have to manage to convince the saleskid that you don't want it, no matter how many off-the-wall promises they make about either the product or the warranty.
If I'm not mistaken, oxidants cause mutations in the DNA of your cells -- and if that mutation happens to occur in some vital bit of the DNA, you get cancer. Cancer cells are, fundamentally, normal cells that have gone awry and reproduce extremely quickly. That's why chemotherapy is used to treat cancer -- chemotherapy targets fast-reproducing cells (also why it makes your hair fall out -- hair cells are another fast-reproducing cell type).
In any case, if your body produces oxidants to fight germs, couldn't those same oxidants be causing, as a side effect, mutations in your DNA? Maybe the dramatic rise in cancer rates over the past x*10^2 years isn't due entirely to our longer life spans -- maybe it's also, in part, due to the fact that we live much closer together and regularly infect and are infected by our family members/co-workers/fellow K-mart shoppers.
The common cold a cause of cancer? Maybe not so far-fetched. And maybe it's the body's oxidant-loaded response to things like cigarettes that causes cancer -- not the cigarette chemicals themselves (though I am very poorly acquainted with cigarette research). Also, what impact would those anti-oxidant drinks/pills/suppositories that are all the fad these days have on your body's ability to fight off diseases?
The majority of slash-dotters probably reside in urban or suburban areas (as do I) but analog can come in very handy in emergency situations out in the hinterlands. About a month ago I was up in the mountains outside of Sonora, California on highway 108. My girlfriend and I were about 45 minutes away from the nearest 'civilization' when we spotted a small, but growing, forest fire. We both pulled out our PCS (digital) cell phones -- she has Verizon; I have AT&T. Neither of our phones could muster enough of a signal to call 911. Luckily, I keep an ancient (~1995 vintage) analog Motorola bag phone in my trunk for just such emergencies. I pulled it out and, even though I haven't had service active on the phone for the better part of a decade, I was able to plug it into my cigarette lighter and call 911. I was expecting a poor signal, if I got a signal at all, but the signal was crystal clear. This is at least partially due to the higher wattage (5W?) of the old phone when compared to the newer PCS phones (1W?).
In any case, an 8-year-old bag phone may have saved a few dozen acres of remote mountain foliage, but more importantly, it may save my tutkus some day. Chalk another one up for analog -- higher maximum wattage and larger legacy coverage area.
L(should have)GT: https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/
Irony: When slashdot posts an article about avoiding work.
I-5 doesn't go anywhere near Oakland... DUH!! BTW, this is humour.
The sig is only in your mind.
What about visual basic? It's cross platform, easy to understand and uses C-like syntax. Errr... wait... that's PHP. :-)