Are we able to ensure that every peripherals connected to our computers and present in our offices is proof of attack? The first answer will be … “sure”. We observe same problem with our household appliance that are being more intelligent. The evolution of automation and technology push in the direction of making each device available on the network. This is open up new and interesting hacking scenarios. In this days I have read a news on a web site related an impressive number of printers of a famous firm that may be vulnerable to attacks of various kinds, from the remote control to the possibility of hijacking of documents.
Printers can be remotely controlled by criminals over the Internet to steal personal information or to attack secure networks even cause physical damage. The phenomenon is widespread and there’s no way to tell if hackers have already exploited it. The flaw involves firmware of devices that are being more complex to provide several new function like remote maintenance and control.
Printer security flaws have long been theorized, but the Columbia researchers say they’ve discovered the first-ever doorway into millions of printers worldwide. They have demonstrated to be able to hijacked computer providing instructions to the printers would continuously heat up the fuser – which is designed to dry the ink once it’s applied to paper – causing the paper to turn brown and smoke. The printers might be used as fire starters.
Mikko Hypponen, head of research at security firm F-Secure, said that Many people don’t realize that this devices are just others computers on a network with exactly the same problems and, if compromised, the same impact. He also said that the anti-virus industry could develop software tools that would detect booby-trapped print jobs in word processing documents or emails, and thwart attempts to update printers with rogue software that way. But such an approach would hardly be foolproof.
Regarding the case of the printers vulnerability a quick scan of unprotected printers left open to Internet attack by the researchers found 40,000 devices that they said could be infected within minutes. It has been discovered the lack of authentication by physically disassembling the printer, analyzing output from its chipset, one character at a time. It is easy to find off-the-shelf operating systems designed line a scaled-down version of the Linux operating system for embedded devices but this means that the chip was relatively easy, with obvious consequences. Similar scenario can be considered with the oven of our kitchen…every thing could be hacked
The issues listed should lead us to serious reflection on safety. How and in what way we protect our assets? Do we consider appliances and other devices in the same way of our computers. Antivirus, penetration tests and security policies should be contextualised to these new scenarios.
Bruce Schneier reported in him article dated June 25, 2010
“Just when you thought it was safe to use your computer, hackers have figured out how to attack everyday items. Your printer, your cellphone — even the blender in your kitchen — can be hacked and used against you.”
From the the power sockets in the walls to the front-door security system, passing to printers and cellphones … next step hack our brain!