Printer malware: print a malicious document, expose your whole LAN (boingboing.net)
70 points by d0ne on Jan 1, 2012 | 7 comments


Boing Boing publishes big scary article on how your HP Printer is going to own your home, and that article includes this:

"Cui gave HP a month to issue patches for the vulnerabilities he discovered, and HP now has new firmware available that fixes this (his initial disclosure was misreported in the press as making printers vulnerable to being overheated and turning into "flaming death bombs" -- he showed a lightly singed sheet of paper that represented the closest he could come to this claim). He urges anyone with an HP printer to apply the latest patch, because malware could be crafted to take over your printer and then falsely report that it has accepted the patch while discarding it."

Of course, Boing Boing fails to follow up with information regarding which printers are at risk, if updates might be naturally included in a Windows update set, if updates might be included with update software from the printer, otherwise where else to get updates, and what to do if there is no update for your computer.

He mentions the latest patch but fails to mention how to obtain it.

Boing Boing fails to discuss any mitigation strategies, for instance, this probably cannot affect you in any way if you are printing out a) your own documents, b) web pages, or c)?

So except for a few dedicated people, no one reading Boing Boing's article is going to do a damn thing about what seems for many to be a very remote risk.

This doesn't seem to me to be a terribly helpful article, just another article warning of how dangerous the world is.


I think you play it down too far. Sure, it's contrived, but consider that most folks would not alert on a PC printing something, so consider the bad guy scenario of drive-by sidejack, look for the network printer, download the bogus document to print and print it. Can all be done in the least trusted part of the system. Bad guy now has a foothold on your network and you don't have any assets deployed against them yet.

I think it merits some scariness in the headline.


http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.h...

Appears to have the materials from the talk. Most interesting bit from the researcher's write up:

"We have also unpacked several engine-control processor firmwares (different from the main SoC) and are currently attempting to locate code related to tracking dots. Perhaps we will have some results by December. In any case, HPacker will help the community to do further research in this direction, possibly allowing us to spoof / disable these yellow dots of burden."

In case people are not aware of the background, most printers print special patterns of "invisible" dots on every sheet printed. This allows the printed pages to be tied directly to the printer which printed the dots. Thus, if you are printing something like a political flyer which is inconvenient to your government, the government may be able to tie the flyer to you using these dots.


"most printers print special patterns of "invisible" dots on every sheet printed"

I believe this is only relevant to color printers since black pixels would be noticeable. Additionally if you were to copy/scan the document (even in color) you could alter the imaging to yield no yellow dots by exposure or contrast settings (this is common in the printing industry).

Also, this assumes that the serial number of the printer is registered. While it would be possible with an extensive search to locate the buyer of a particular printer even if they didn't register the machine (by tracing to a particular dealer etc.) unless you were committing a major crime (like counterfeiting for example) this doesn't seem like something worth the effort or practical in most cases.

You could also alter the printer to add additional yellow dots to confuse any interpretation.

http://w2.eff.org/Privacy/printers/docucolor/


In more recent news, a team in the DARPA shredded document reassembly challenge based one of the hardest solutions in part on correctly placing pieces based on those yellow dots... which they learned about on Hacker News :) http://news.ycombinator.com/item?id=3368611


Here's a link to the talk about PostScript hacking, which some people might also find interesting: http://www.youtube.com/watch?v=PqL5P46m_zQ


Yup, computers that run unaudited software (that was probably rushed to market) are dangerous to your LAN. Nothing to see here.

Are there any printers that run a Free Software (or at least open-source) firmware? Are there any peripherals that do?



