Attack of the Trojan Printers 144
snydeq writes "Security professionals are tapping Trojan horse access points cloaked in printers and other office equipment to infiltrate clients who want their defenses tested, InfoWorld reports. Attackers dressed in IT supplier uniforms drop off printers to a company for a test-drive. Once the device is connected to the network, the penetration testers have a platform behind any perimeter defenses from which to attack. 'You can put your box inside a printer tray and glue it shut, and who will notice if there are one or two or three power cables coming out?' one security researcher says of the method. A variant of the attack, presented by Errata Security at the Defcon hacking convention, uses an attack-tool-laden iPhone mailed to a target company to get inside the firm's network defenses."
Physical access == pwnage (Score:4, Insightful)
Nothing really new here, other than perhaps people realizing that printers are a network entity (which they have been at least since the HP LaserJet cards). As for housing a blackhat-usable machine, that has been done for ages, as it isn't hard to just plug in a laptop or network powered biscuit PC and start firing up nmap.
How to protect about this? Cisco's core routers have plenty of tools to deal with rogue devices (MAC address locking per port, healthchecking, etc.) Wireless networks take some more doing, but can be just as well locked down.
Obvious trojans? (Score:2, Insightful)
Dumb people being tricked?! News at 11.
Technically, if you've got extra wires hanging out of your Trojan Printer, you just might be the biggest idiot in fuckheadland. Integrate your spyshit to the motherboard and feed off the built-in network connection and power system! Sorry, I don't click on *world.com articles due to high ad noise and shitty page layout, but I get the drift, Ned. Not even close. NEXT?!
Old Hat... (Score:5, Insightful)
Did that years ago.
HPLJ4 -- two power cables? what are they hiring amateurs?
Open printer, add PC-104 computer with ethernet and a linux on it along with a small switch. printer AND PC104 connect to the switch inside AND scab onto the power supply.
Printer + network scanner/document grabber completely hidden.
Today it's even easier... Shiva plug with a HP sticker on it and it will go unnoticed for months.
Re:tried that with a Flip cam (Score:5, Insightful)
Printer is indeed a better choice.
Some printers can have a full attack kit loaded and have WiFi. While most printers are yet to be hacked, the possibility is there. The bigger ones have a fully blown OS of some description doing the management functionality. Some of it is also hopelessly out of date securitywise. I have seen stuff like Win2000 being used on the print centers by one well known big company. Rooting that is trivial.
The ones that cannot be routed can still have a MIM put in between their built-in network functionality and the customer network. If done properly it will _NOT_ have any "cables sticking out" either. A microcontroller with two Ethernets which bridges between the printer original Ether and a fake one sticking out can be put in something the size of an match box nowdays. With most IT depts putting indiscriminately power over ethernet nobody will notice if it is powered from the net. And so on. There are lots of variations on this theme and having "more than one cable sticking out" actually means a very lame job on the side of whoever did it.
Re:That old saying applies (Score:4, Insightful)
The point is that your situation is unlike most, especially small businesses who will generally run on a "How much will i cost to do it right? OK, you get half that," budget.