Comments

Dom De Vitto January 6, 2012 3:46 PM

Um, I think the list will probably get a lot bigger than this – it was possible to root LJ4s back in the day, and even the newest sub-$50 ‘All-in-Ones’ have features like automatic update, email-to-print etc. – and those need similar scrutiny.

Oh, and what gives with publishing ftp logins in that document?
The document is available using ftp:

http://ftp.usa.hp.com
account: sb02728
password: Secure12

or

ftp://sb02728:Secure12@ftp.usa.hp.com/

???

Jon Marcus January 6, 2012 3:57 PM

Not to trivialize this, but it seems like it’d be tough to get a malicious document to a printer. Wouldn’t that require user interaction, (i.e. some pretty significant social engineering) to make that happen?

Wendy M. Grossman January 6, 2012 4:36 PM

Jon: my write-up (which mentions the fire angle because how can you not, but I hope made plain that this wasn’t the biggest issue – and which was somewhat earlier than the headlines) I hope explains the vector (http://www.newswireless.net/index.cfm/article/9301) – basically, they uncovered a way to embed malware in documents being sent to the printer, which must interpret some of the more sophisticated stuff in order to print it.

wg

kingsnake January 6, 2012 4:54 PM

My HP laser is at least 15 years old (back when you could still trust an HP product). Do I still need to patch it?

Dom De Vitto January 6, 2012 5:22 PM

Jon Marcus: HP have been going crazy for ’email a document to your printer’ technology 🙁 In this case, the emailed document is converted by HP, but the resulting output document still results in breach.

kingsnake: A thing with 8k of ROM will have input bugs, on top of the telnet/ftp management.

Bernd January 6, 2012 6:10 PM

“Print Me If You Dare
Firmware Modification Attacks and the Rise of Printer Malware”
http://www.youtube.com/watch?v=gRGEnakrx9o
First hand information (technical stuff from the authors of the report) from the CCC congress 28c3 in the youtube video above.
Malware in embedded systems might be worth some attention in the future.

Steve January 6, 2012 8:33 PM

Reminds me of one of those fanciful old Opcodes that hackers used to invent:

HCF. . . Halt and Catch Fire.

hijack my momma January 6, 2012 9:22 PM

Let’s hear it for proprietary hardware AND software!

Now get busy and use your closed source tools to scan your closed OS, plebs!

Some examples of mystery code products which are closed and source code not available for screening by the user:

Spybot
Avast
Comodo – several security programs
Hijack This!
CCleaner
Ad-aware
Malwarebytes Antimalware
Super AntiSpyware

millions of idiots scanning their closed systems with closed code, giving all those files of theirs to a closed os and closed scanners, some using “the cloud” to reveal the files on their hard drive across the internet. brilliant.

foo January 7, 2012 1:07 AM

This is most excellent for those who want to jailbreak their printer, remove the installed firmware and run Free Software.

Rob January 7, 2012 3:57 AM

@hijack my momma
… and your recommended open source alternatives for CCleaner and Malwarebytes Antimalware are? I select those two because I am one of the millions of idiots who scan their machines with them. But I’m always open to learn.

Jens (the other one) January 7, 2012 12:48 PM

Word allows the attacker to add data to a document which is directly sent to the printer. (And which is used for legitimate purposes as well…)

Send someone a hacked coupon for a free Big Mac, coffee, whatever – and you are done.

Particular Random Guy January 7, 2012 2:13 PM

I would really patch my printer, if I had a windows machine at hand, being able to run that stupid windows update program. :-/

Natanael L January 7, 2012 4:35 PM

@hijack my momma: Do you know of a better free HIPS like software than Comodo CIS for Windows? (And yes, I need Windows for school. AutoCAD, etc…)

Bill P. Godfrey January 9, 2012 8:19 AM

Forged email from the company’s CEO?

All employees please print out and sign the attached form to qualify for the annual bonus payment and send it to the national tax office. This is a new tax requirement and we will not be able to pay your bonus without this form.

Next day, the tax collectors get a load of scrap paper in the mail and no-one in management or IT realises what happened.

paul January 9, 2012 8:32 AM

It shouldn’t be too hard to conjoin this attack with one that infects all the currently-accessible Word or Excel or whatever documents on a user’s machine. That way, when anything gets printed, the printer gets rooted.

The beauty of attacks like this is that they don’t have to bear fruit immediately. If it takes weeks or months to compromise a network that’s OK too.

Greg A January 9, 2012 9:35 AM

Re: “Oh, and what gives with publishing ftp logins in that document?”

Clearly HP don’t actually have web or file servers. It’s all done by emailing the files you want served to a big printer, then publishing the printer’s admin login.

x January 11, 2012 2:24 PM

I’ll bite.

“Do you know of a better free HIPS like software than Comodo CIS for Windows? (And yes, I need Windows for school. AutoCAD, etc…)”

Yes, it’s called OSSEC:
http://www.ossec.net/

and:

Suricata:
http://www.openinfosecfoundation.org/index.php/download-suricata

I don’t believe you need Windows when Linux and WINE/Crossover are available:

http://www.winehq.com/
http://www.codeweavers.com/

If the programs don’t run, blame it on the proprietary theology of Windows, brought to you by One Microsoft Way.

“and your recommended open source alternatives for CCleaner and Malwarebytes Antimalware are? I select those two because I am one of the millions of idiots who scan their machines with them. But I’m always open to learn.”

Try one:
(and install WINE or Crossover for Windows apps)
http://www.distrowatch.com
