It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Hackers Could Turn Your Printer Into a Flaming Death Bomb
page: 2share:
It seems that HP is arguing about the danger of this vulnerability
Source
A firewall isnt a great deal of help against something like a Trojan Horse. Firewalls are statefull and only let traffic onto a system if it is a reply to traffic sent out from the original system. If a system is compromised by a trojan virus then the trojan contacts the hacker so then a reply is possible through the firewall from the Internet.
Also not all printers are protected very well
Source
But the researchers say the possibilities created by hijacked printers go far beyond pranks or identity theft. Printers on a company network are nearly always trusted by other computers. A hijacked printer could act as a beachhead to attack a company's network that was otherwise protected by a firewall. Few companies are prepared to protect themselves from an attack by their own printer.
Moore (HP executive) also disagreed with this assertion. He said standard print jobs could not be used to initiate a firmware upgrade; only specially-crafted files sent directly to the printer can do that. Were that true, the vulnerability could only be exploited on printers left exposed to the Internet; printers behind a firewall would be safe.
Source
A firewall isnt a great deal of help against something like a Trojan Horse. Firewalls are statefull and only let traffic onto a system if it is a reply to traffic sent out from the original system. If a system is compromised by a trojan virus then the trojan contacts the hacker so then a reply is possible through the firewall from the Internet.
Also not all printers are protected very well
A quick scan of unprotected printers left open to Internet attack by the researchers found 40,000 devices that they said could be infected within minutes.
Source
reply to post by PhoenixOD
40000? Only 40000? These must be on non-secured networks because NAT alone (Network Address Translation) means that internet traffic is not allowed "in" and most people/companies are sitting behind a NAT router, if not a fully-fledged firewall. No reason to panic and any company that leaves its printers or printer management servers open to "the cloud" deserves all the damage it gets (I'm a sys-admin by trade). If this requires code (i.e. an executable) to take advantage of, in many corporate environments you can forget even trying. You won't be able to run that program due to lack of "rights". I do understand stateful but to get there you have to open that port up first. Its a chicken and egg type scenario (to open the port first you will need to get in) and still easily preventable with good firewall policies.
40000? Only 40000? These must be on non-secured networks because NAT alone (Network Address Translation) means that internet traffic is not allowed "in" and most people/companies are sitting behind a NAT router, if not a fully-fledged firewall. No reason to panic and any company that leaves its printers or printer management servers open to "the cloud" deserves all the damage it gets (I'm a sys-admin by trade). If this requires code (i.e. an executable) to take advantage of, in many corporate environments you can forget even trying. You won't be able to run that program due to lack of "rights". I do understand stateful but to get there you have to open that port up first. Its a chicken and egg type scenario (to open the port first you will need to get in) and still easily preventable with good firewall policies.
edit on 29/11/11 by LightSpeedDriver because: Clarification
I don't know exactly why but this thread makes me laugh my arse off hysterically! Ok admittedly if this is true it could be one of
the most amazing attacks ever created.
Spontaneousprintercombustion.
Spontaneousprintercombustion.
reply to post by antar
What is even more funny is apparently the toner (powder ink) that laser printers use is carcinogenic. Yeah, imagine inhaling those fumes...
What is even more funny is apparently the toner (powder ink) that laser printers use is carcinogenic. Yeah, imagine inhaling those fumes...
Think I'll take into consideration of my printer exploding in my face as a result of a hacker is 1 in 1,000,000..
I'll have a better chance getting hit by a lightning strike..
I'll have a better chance getting hit by a lightning strike..
Is it a "flaw"
Business is down and you run a company, what better way to make money then to have a "flaw " that you could exploit with a software update.
Then over a couple weeks a number of 2 to 3 year old printers overheat and need to be replaced.
Your sales might go up in a country like the US by 50k to 100k units.
On 2 to 3 year old units no one would be the wiser.
On top of the fact there are people that buy a new printer just because there printer runs out of ink because it cost about the same as just buying ink for some printers.
Business is down and you run a company, what better way to make money then to have a "flaw " that you could exploit with a software update.
Then over a couple weeks a number of 2 to 3 year old printers overheat and need to be replaced.
Your sales might go up in a country like the US by 50k to 100k units.
On 2 to 3 year old units no one would be the wiser.
On top of the fact there are people that buy a new printer just because there printer runs out of ink because it cost about the same as just buying ink for some printers.
reply to post by ANNED
Now this is probably the real reason.
I also feel that programs will contain things that down the road
increase sales of various things
Now this is probably the real reason.
I also feel that programs will contain things that down the road
increase sales of various things
reply to post by LightSpeedDriver
I agree with the correct software restriction policies in place and USB lockdown etc it would be almost impossible for a limited user to execute a trojan but its not totally impossible for an admin or network operator to accidentally execute a trojan infected program which would then run with elevated permissions. Relying on policies to prevent the exploitation of a flaw on a system is not as secure as having a system with no possible flaws.
I think its wrong that HP are arguing that there is no risk because their hardware should be sat behind a proxy and firewall on a properly managed system. The average home user and even some small businesses may not be able to secure their printers using the correct security measures. This is the point i was making earlier in this thread that manufactures will try to ignore potential problems like this for as long as possible.
I agree with the correct software restriction policies in place and USB lockdown etc it would be almost impossible for a limited user to execute a trojan but its not totally impossible for an admin or network operator to accidentally execute a trojan infected program which would then run with elevated permissions. Relying on policies to prevent the exploitation of a flaw on a system is not as secure as having a system with no possible flaws.
I think its wrong that HP are arguing that there is no risk because their hardware should be sat behind a proxy and firewall on a properly managed system. The average home user and even some small businesses may not be able to secure their printers using the correct security measures. This is the point i was making earlier in this thread that manufactures will try to ignore potential problems like this for as long as possible.
edit on 30-11-2011 by PhoenixOD because: (no reason given)
reply to post by PhoenixOD
I see your point now and you are right. Possibly part of the problem is due to the fact that HP are pretty much world leader in printers and therefore have little incentive to change their ways. Every corporate environment I've worked in has used HP printers. One firm I was at tried a cheaper brand to save money one year, but just about all those printers broke (flimsy construction) in less than a year and cost more in down-time than anything HP produced. On paper they looked good, in practice they gave nothing but problems. We had to "go back" to HP.
I see your point now and you are right. Possibly part of the problem is due to the fact that HP are pretty much world leader in printers and therefore have little incentive to change their ways. Every corporate environment I've worked in has used HP printers. One firm I was at tried a cheaper brand to save money one year, but just about all those printers broke (flimsy construction) in less than a year and cost more in down-time than anything HP produced. On paper they looked good, in practice they gave nothing but problems. We had to "go back" to HP.
new topics
-
The Great Mosaic of God Unfolding Before Our Eyes
Religion, Faith, And Theology: 5 hours ago -
Silent Weapons
General Conspiracies: 9 hours ago
top topics
-
According to Wiki, HAMAS is the same as "Palestinians"
US Political Madness: 13 hours ago, 8 flags -
Two Guards Shot Dead And Gang Boss Nicknamed "The Fly" On The Run.
Mainstream News: 13 hours ago, 7 flags -
15.6 Percent of US Population Now Foreign Born - 51.6 Million
Social Issues and Civil Unrest: 14 hours ago, 6 flags -
Long Range Drone - Test Flight
General Chit Chat: 13 hours ago, 6 flags -
New Whistleblower: "I worked on a team that dealt with with NHI technology and left in 2018."
Aliens and UFOs: 12 hours ago, 6 flags -
Silent Weapons
General Conspiracies: 9 hours ago, 6 flags -
Deadbots - AI Deepfakes that Simulate Dead People Risks Haunting Relatives
Science & Technology: 15 hours ago, 3 flags -
Fake Aurora's produced by HAARP
Science & Technology: 14 hours ago, 3 flags -
The Great Mosaic of God Unfolding Before Our Eyes
Religion, Faith, And Theology: 5 hours ago, 1 flags
active topics
-
The biggest problem with the Hush money trial
US Political Madness • 194 • : Vermilion -
Fake Aurora's produced by HAARP
Science & Technology • 77 • : chr0naut -
New Whistleblower: "I worked on a team that dealt with with NHI technology and left in 2018."
Aliens and UFOs • 16 • : pianopraze -
WHY is DOJ Not Turning Over the AUDIO of JOE BIDENs Sworn Testimony to Prosecutor Robert Hur.
Above Politics • 24 • : Zanti Misfit -
Don Trump-Quixote
Political Issues • 26 • : chr0naut -
Deadbots - AI Deepfakes that Simulate Dead People Risks Haunting Relatives
Science & Technology • 21 • : Athetos -
Gaza Genocide Real or Propaganda
Middle East Issues • 356 • : Irishhaf -
The Great Mosaic of God Unfolding Before Our Eyes
Religion, Faith, And Theology • 7 • : randomuser2034 -
A new Why Files How CRISPR and AI Destroy the World
Science & Technology • 33 • : catsrus -
Candidate TRUMP Now Has Crazy Judge JUAN MERCHAN After Him - The Stormy Daniels Hush-Money Case.
Political Conspiracies • 1690 • : Zanti Misfit