Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Security Hardware IT

Attack of the Trojan Printers 144

Posted by samzenpus
from the it's-crowded-in-there dept.
snydeq writes "Security professionals are tapping Trojan horse access points cloaked in printers and other office equipment to infiltrate clients who want their defenses tested, InfoWorld reports. Attackers dressed in IT supplier uniforms drop off printers to a company for a test-drive. Once the device is connected to the network, the penetration testers have a platform behind any perimeter defenses from which to attack. 'You can put your box inside a printer tray and glue it shut, and who will notice if there are one or two or three power cables coming out?' one security researcher says of the method. A variant of the attack, presented by Errata Security at the Defcon hacking convention, uses an attack-tool-laden iPhone mailed to a target company to get inside the firm's network defenses."
This discussion has been archived. No new comments can be posted.

Attack of the Trojan Printers

Comments Filter:
  • Re: Old News (Score:5, Informative)

    by wjousts (1529427) on Wednesday December 01, 2010 @03:29PM (#34408288)

    Urban myth, read the first two paragraphs of TFA

    Way back in 1991, InfoWorld reported on an advanced threat hitchhiking inside printers shipped to Iraq. The virus, known as AF/91 and implanted by the U.S. government, reportedly shut down Iraqi radar installations before escaping to spread among Windows computers.

    The article, published on April 1, was a spoof. But it spawned an urban myth that has been reported as fact in many circles.

  • by FooAtWFU (699187) on Wednesday December 01, 2010 @04:58PM (#34409804) Homepage

    This is why serious wireless vendors like Cisco and Aruba and the like have "rogue access point detection" which can not only triangulate the location of an unknown device given its wireless signal strength in relation to legitimate APs, they can also determine if it's hooked up to your network (if there's appropriate hardware in the packet path) and spoof packets to cause a denial of service and disconnect any clients.

    Of course, these capabilities will cost you.

People will buy anything that's one to a customer.