[Noisebridge-discuss] Millions of printers open to devastating hack attack, researchers say
Jake
jake at spaz.org
Thu Dec 1 20:28:04 UTC 2011
Hewlett Packard, in a statement, said all its printers include such
thermal switches, and these would prevent a printer fire in all cases.
"(The thermal breaker) cannot be overcome by a firmware change or this
proposed vulnerability," it said.
http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say?google_editors_picks=true
Still, a widespread flaw in LaserJet printers would raise serious issues.
Hewlett Packard dominates the printer market; the firm says it's sold 100
million LaserJet printers since 1984, meaning millions of computers could
be vulnerable. HP, by far the dominant printer seller worldwide with 42
percent of the market, sells about 50 million printers of all kinds
annually, according to IDC.
In an exclusive demonstration for msnbc.com at Columbia Universitys
Intrusion Detection Systems Laboratory, Cui and Stolfo revealed the kind
of havoc an attacker could wreak once they gained control of a printer.
After sending a virus-laced print job to a target printer, the device's
small screen read, in sequence, "Erasing...Programming...Code Update
Complete."
In one demonstration, Cui printed a tax return on an infected printer,
which in turn sent the tax form to a second computer playing the part of a
hackers machine. The latter computer then scanned the document for
critical information such as Social Security numbers, and when it found
one, automatically published it on a Twitter feed.
A hacker who merely wanted to wreak havoc could easily disable thousands
or perhaps millions of vulnerable printers, Cui said, as it is trivial to
send the printer upgrades that would render it inoperable.
More information about the Noisebridge-discuss
mailing list