HP Printer Hack Video Shows Sensitive Data Tweet Too

Monday, December 05, 2011

Dan Dieterle


HP Printer Hack Video Shows Tweeting Sensitive Data, Not Just “Burning Paper”

The “HP Printer Paper Burning Hack” has made headline news, but the actual video from the Intrusion Detection Systems Group at Columbia University tells a very different story.

In the video, Professor Salvatore J. Stolfo and a senior graduate research assistant show how a maliciously formed print job could cause an HP printer’s firmware to be reprogrammed so that it acts like a copy machine, sending an exact copy of a print job to any place in the world, and also serves as a pivot point to attack computers on the local network.

A print job specially crafted with a replacement firmware (operating system code for printers) is sent to the printer. The original printer firmware is erased automatically, without user intervention, the malicious firmware is installed, and the printer comes back online.

Then, when a print job is sent to the printer, in this case a tax return, an exact duplicate is sent to the attacker’s printer (which could be located anywhere in the world). There is no notification that the extra print job is being created or where it is sent.

But that is not all: the attackers also get a tweet on their Twitter page showing sensitive information parsed from the print job!

In this instance, a copy of the user’s social security number is pulled off the printed page and sent to the attackers’ Twitter page, again without notification to the end user, who is just printing their tax return.

Next, the graduate student shows how the reprogrammed printer could be used as a pivot point to attack computers on the user’s local network. In this case, the simulated internet-based attacker uses the printer to create a tunnel across the internet and into the local network.

The student then uses the popular penetration testing tool BackTrack to send an exploit to an internal Windows XP system while pivoting through the printer, and gains an administrator shell on the PC.

They do mention briefly that they could get a brown line on the paper, but state that the built-in thermostat prevented the paper from actually catching fire. I just don’t get how the media focused on this part of the presentation and not on the other more serious security issues brought forth in the presentation.

According to the Columbia University research team, this type of attack would be very hard to detect or deter. There is no anti-virus or built-in security feature on the printer to stop the malicious firmware update from taking place, and no notification that the printer has been compromised. But the problem does not end there.

They mention that this type of problem is inherent in numerous embedded devices, including VoIP phones, routers, webcams, etc.

Access to these devices needs to be filtered, and programs that monitor and record network traffic for malicious activity are always a good idea in a corporate environment.
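One way to act on the monitoring advice above, as an added example that is not from the article or the Columbia team: a Python check over flow records that flags connections initiated by a printer to internet hosts (the duplicate print job, the tweet, the tunnel) or to internal hosts it has no reason to contact (the pivot). The printer inventory, allowed-peer list, record layout and sample flows are constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions for this sketch: the printer inventory, the allowed internal
# peers and the flow-record layout are hypothetical, not from the article.
PRINTERS = {ip_address("10.0.5.20")}
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_PEERS = {ip_address("10.0.1.10")}  # e.g. the DNS resolver the printer uses

# Constructed sample flows: src is the initiator, dst the responder.
SAMPLE_FLOWS = """ts,src,dst,dport
2011-12-05T09:00:01,10.0.7.33,10.0.5.20,9100
2011-12-05T09:00:04,10.0.5.20,203.0.113.7,9100
2011-12-05T09:00:05,10.0.5.20,198.51.100.9,443
2011-12-05T09:02:10,10.0.5.20,10.0.1.10,53
2011-12-05T09:03:42,10.0.5.20,10.0.7.41,445
"""


def is_internal(addr):
    """True if addr falls inside one of the site's internal networks."""
    return any(addr in net for net in INTERNAL)


def classify(flow):
    """Return 'egress', 'lateral' or None for one flow record (a dict)."""
    src, dst = ip_address(flow["src"]), ip_address(flow["dst"])
    if src not in PRINTERS:
        return None  # only connections initiated by a printer are of interest
    if not is_internal(dst):
        return "egress"  # a printer should not open sessions to the internet
    if dst not in ALLOWED_PEERS:
        return "lateral"  # printer opening sessions to other internal hosts
    return None


def find_alerts(flow_csv):
    """Parse CSV flow records and return (kind, ts, dst, dport) per alert."""
    alerts = []
    for flow in csv.DictReader(io.StringIO(flow_csv)):
        kind = classify(flow)
        if kind:
            alerts.append((kind, flow["ts"], flow["dst"], int(flow["dport"])))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_FLOWS):
        print(alert)
```

The same rule is better enforced than merely detected: a firewall policy that denies printer-initiated traffic except to the allowed peers implements the "access needs to be filtered" half of the advice.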

Check out the video for yourself at http://www.hacktory.cs.columbia.edu/.

Cross-posted from Cyber Arms

Brian Smithson: This is one of the most sane articles I've seen about the "HP printers on fire" hack. Still, I think there is more to be said about it, and I've tried to say it here: http://grot.com/wordpress/?p=218.