Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Security Hardware IT

Attack of the Trojan Printers 144

snydeq writes "Security professionals are tapping Trojan horse access points cloaked in printers and other office equipment to infiltrate clients who want their defenses tested, InfoWorld reports. Attackers dressed in IT supplier uniforms drop off printers to a company for a test-drive. Once the device is connected to the network, the penetration testers have a platform behind any perimeter defenses from which to attack. 'You can put your box inside a printer tray and glue it shut, and who will notice if there are one or two or three power cables coming out?' one security researcher says of the method. A variant of the attack, presented by Errata Security at the Defcon hacking convention, uses an attack-tool-laden iPhone mailed to a target company to get inside the firm's network defenses."
This discussion has been archived. No new comments can be posted.

Attack of the Trojan Printers

Comments Filter:
  • Re: Old News (Score:5, Informative)

    by wjousts ( 1529427 ) on Wednesday December 01, 2010 @03:29PM (#34408288)

    Urban myth, read the first two paragraphs of TFA

    Way back in 1991, InfoWorld reported on an advanced threat hitchhiking inside printers shipped to Iraq. The virus, known as AF/91 and implanted by the U.S. government, reportedly shut down Iraqi radar installations before escaping to spread among Windows computers.

    The article, published on April 1, was a spoof. But it spawned an urban myth that has been reported as fact in many circles.

  • by FooAtWFU ( 699187 ) on Wednesday December 01, 2010 @04:58PM (#34409804) Homepage

    This is why serious wireless vendors like Cisco and Aruba and the like have "rogue access point detection" which can not only triangulate the location of an unknown device given its wireless signal strength in relation to legitimate APs, they can also determine if it's hooked up to your network (if there's appropriate hardware in the packet path) and spoof packets to cause a denial of service and disconnect any clients.

    Of course, these capabilities will cost you.

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.