Print Me If You Dare - the Rise of Printer Malware
Print Me If You Dare - the Rise of Printer Malware
Written by Mike James   
Sunday, 01 January 2012

The recent 28th Chaos Communications Congress has produced a number of interesting ideas, but a presentation of two hacks that turned printers into rogue machines was an eye opener for both programmer and IT manager.

In his hour-long talk "Print Me If You Dare", Ang Cui demonstrated two printer hacks that are a clear sign that printers are no longer dumb enough to be ignored as part of the security problem. He showed that it was possible to load a program into the printer by embedding code into a document, or by direct connection to an infected PC.
The first exploit downloaded as part of a document and then set the printer up to email any future print jobs to a specified IP address. The second used the printer to scan for vulnerable PCs connected to the same network.

 

printmeifyoudare

 

The attacks were all on HP printers and were the fruit of reverse engineering the firmware update mechanism. No doubt other printers could be attacked in the same way. Cui gave HP a month to issue patches to the firmware before making the details public and in theory the printers targeted should now be secure. However users should check because it is possible that a printer that was infected before the patch update will falsely report that it has been updated.


You can see the full presentation here:

 

              

Previously the same exploits were misreported as being able to make a printer operate in such a way as to make it burst into flames or at least overheat. In practice, safety cutouts restrict the damage to singeing a piece of paper.

So it seems exploding printers aren't a real threat but printers that make copies of all of your printed documents and send them to a public website are.

 

More Information

Print Me If You Dare

 

To be informed about new articles on I Programmer, subscribe to the RSS feed, follow us on Google+, Twitter, Linkedin or Facebook or sign up for our weekly newsletter.

 
 

 

blog comments powered by Disqus

 

Banner


Find Your 2000-Year-Old Double With Face Recognition
18/02/2017

Wouldn't you like to know if you look like Caesar or Venus? It's now possible thanks to advanced face recognition software. Discover how the Quebec Musée de la Civilisation is using the Betaface [ ... ]



Early Bird Savings For SDD 2017
26/01/2017

The Software Design and Development Conference takes place from 15-19 May. Register by midnight on January 27th, to benefit from a significant discount whether you book for a single workshop, for the  [ ... ]


More News

Last Updated ( Sunday, 01 January 2012 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2017 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.