
Saturday, December 3, 2011

HP printer vulnerabilities leave millions of printers open to attack

Hillary O'Rourke, Contributor

Although computers and mobile devices seem to be at the top of cybercriminals' hacking to-do lists nowadays, researchers from Columbia University are warning of a “devastating hack attack” targeting local printers.

“Compared to the matter that cellphones and tablets pose to corporate networks, this is small potatoes.”

Ed Skoudis, senior security consultant, InGuardians

A new study from Columbia University's Department of Computer Science claims hundreds of thousands of Hewlett-Packard printers are vulnerable to attack. According to HP, the flaws exist in its LaserJet printers made before 2009, but the researchers claim other brands may harbor the vulnerabilities as well.

Few details have emerged about the printer attack research. According to an Internet Storm Center (ISC) blog entry, the printers in question don't check digital signatures before installing a firmware update. The devices' “Remote Firmware Update” feature doesn't require authentication or even a password for the update to commence, making it easy for attackers to compromise the machines. “Long story short, for an embedded system (or any system for that matter) in the event you can rewrite the operating system you're able to control the device and make it do all kinds of unintended things,” wrote John Bambenek, one of the ISC's blog handlers.

The researchers demonstrated that an attacker could theoretically set a printer on fire remotely by overheating a fuser, penetrating computer networks and erasing code. HP, however, released a statement calling the claims “sensational” and saying the possibility of the machines catching fire is false, because the LaserJet printers contain a “thermal breaker” that is designed to stop this from happening.

However, the company did admit it has identified a “potential security vulnerability” but only “if put on a public Internet and not using a firewall.”

Organizations shouldn't panic since the technical details haven't yet been released, said Ed Skoudis, a SANS instructor and a founder and senior security consultant with InGuardians, a Washington, D.C.-based information security consulting firm. Skoudis said enterprises should already be monitoring their printers and ensuring they're not connected to the web. Keep the devices patched and set up some network filtering to constrain the printer to a limited set of connections, Skoudis said.

“Compared to the difficulty that cellphones and tablets pose to corporate networks, this can be small potatoes,” Skoudis said. “This is interesting and unique due to the physical threat posed via cyber-means, but we want more details before we will assess the chance.”

The Columbia University researchers also claim there is no easy way to detect a breach. “Best practices are likely sufficient to avoid this attack, namely, you ought to never have printers (or another embedded device for that matter) exposed to the web,” Bambenek wrote. He added that aside from firewalling the device, monitoring traffic to and from the machine for anything apart from its print jobs should give users “a sign that something is awry.”

HP said it is working on a firmware upgrade to mitigate the problem, but in the meantime users should, as Bambenek explained, secure the machines with a firewall and disable remote firmware upload on exposed printers.

Network printers, scanners and copiers have long been identified as a possible attack vector because they generally store sensitive documents in their print spool. A CBS News report in 2009 highlighted the problem of digital images stored on photocopiers. The news organization pulled hundreds of student names, home addresses, cell phone numbers and Social Security numbers stored on the copier's hard disk drive.
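The filtering Skoudis recommends and the monitoring Bambenek describes can both be expressed as an allowlist check over flow records. The Python below is an added example, not part of the original article; the addresses, port set, record format and function names are all constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed site policy (assumptions, not from the article).
PRINTERS = {ipaddress.ip_address("10.20.0.50")}
PRINT_SERVERS = ipaddress.ip_network("10.20.1.0/28")
PRINT_PORTS = {515, 631, 9100}  # LPD, IPP, raw printing
PRINTER_OUTBOUND = {("10.20.0.10", 53, "udp"), ("10.20.0.11", 123, "udp")}

# One record per connection, keyed by the initiator: "src dst dport proto".
Flow = namedtuple("Flow", "src dst dport proto")

def parse(line):
    src, dst, dport, proto = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(dport), proto.lower())

def classify(flow):
    """Return None for expected traffic, otherwise a reason string."""
    if flow.dst in PRINTERS:
        if flow.src not in PRINT_SERVERS:
            return "inbound from host outside print-server range"
        if flow.proto != "tcp" or flow.dport not in PRINT_PORTS:
            return "inbound to non-printing port"
        return None
    if flow.src in PRINTERS:
        if (str(flow.dst), flow.dport, flow.proto) not in PRINTER_OUTBOUND:
            return "printer-initiated connection to unexpected destination"
    return None  # expected printer traffic, or not printer traffic at all

def audit(text):
    """Return (record, reason) pairs for every flow that breaks the policy."""
    alerts = []
    for line in text.splitlines():
        if line.strip():
            reason = classify(parse(line))
            if reason:
                alerts.append((line, reason))
    return alerts

# Constructed sample flow records.
SAMPLE = """\
10.20.1.5 10.20.0.50 9100 tcp
10.20.1.5 10.20.0.50 23 tcp
10.20.7.33 10.20.0.50 9100 tcp
10.20.0.50 10.20.0.10 53 udp
10.20.0.50 203.0.113.77 443 tcp
10.20.7.33 10.20.1.5 445 tcp
"""

if __name__ == "__main__":
    for record, reason in audit(SAMPLE):
        print(f"ALERT {reason}: {record}")
```

The check covers only who talks to the printer and on which ports; it does not inspect the content of jobs sent by an allowed print server.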

~SearchSecurity.com News Director Robert Westervelt contributed to this report.

