‘Printing of Malevolent File Can Expose Entire LAN’

Researcher Ang Cui exposed the procedure in which one could install capricious software into HP printers, either by setting it in a malevolent file or by creating a link with online printer, according to news by boingboing reported on December 30, 2011.

Cui's method for contaminating printers made use of confined Printer Job Language, instead of PostScript, and inserted code into procedures running on printer. It was indeed an effective custom rootkit for the printer's operating system.

In the process, the first attack included the downloading of document, and setting the printer for emailing any upcoming print requirements to a specific IP address. In the following attack, the printer was used to scan for susceptible PCs which were linked to identical net.

The assaults, which were carried on HP printers, were result of quash engineering the firmware update method. Before making the details public, the researcher gave the HP printer one month to issue patches to the firmware. The users should always test out such hacks as possibly a printer, infected prior to the patch update, may mistakenly inform about the update.

Cui has formed an instrument HPacker, which can take a tainted firmware image and repack it a suitable RFU format for updates. It can also examine existing memory losses. Earlier similar attacks were reported in a wrong manner. The story of reverse-engineering is an incredible glance at the skill and practice of discovering safety susceptibilities. The cases the researcher thought for receiving malicious software into printers were exceptionally good, like sending resume to Human Resources, waiting for them to publish it, taking over the network and putting up the matter with the company.

Apparently, printers burning into flames or overheating are no genuine threats, but those which make copies of the printed documents and circulate them via public websites are real intimidation.

However, Cui is apprehensive that printers from other manufacturers may contain similar malfunctions. The detection of the vulnerability in many HP printers since 2005 enables to notify the company effectively within time.

As such, Cui recommends the owners of HP printers to implement the latest patch as malwares could be designed to take over the printer and then falsely notify the customer with the acknowledgement of the patch.

Related article: “Loopholes did not cause online banking thefts”: ICBC

» SPAMfighter News - 1/9/2012