Friday, May 29, 2015

"Red Balloon Security", HP Printers firmware update insecurity

Red Balloon Security

AESOP @ Red Balloon Security

aesop.redballoonsecurity.com/RedBalloonSecurity_AESOP.pdf

Exclusive: Millions of printers open to devastating hack attack, researchers say - Red Tape @NBCNews

"This time-lapsed image of a screen on an HP LaserJet shows the impact of a rogue print job used to reprogram the device.



Could a hacker from half-way around the planet control your printer and give it instructions so frantic that it could eventually catch fire? Or use a hijacked printer as a copy machine for criminals, making it easy to commit identity theft or even take control of entire networks that would otherwise be secure?"

"(Columbia University’s researchers)... say they've reverse engineered software that controls common Hewlett-Packard LaserJet printers. Those printers allow firmware upgrades through a process called "Remote Firmware Update." Every time the printer accepts a job, it checks to see if a software update is included in that job. But they say printers they examined don't discriminate the source of the update software – a typical digital signature is not used to verify the upgrade software’s authenticity – so anyone can instruct the printer to erase its operating software and install a booby-trapped version."

Popular office phones vulnerable to eavesdropping hack, researchers say - Red Tape @NBCNews

Hack Simplifies Attacks On Cisco Routers

Podcast that mentioned this: Practical IoT with Josh Holmes @ .NET Rocks!

