Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
enjoyying what’s sometimes called “securityy byy obscurityy”—if no one
notices the flaw, then yyou are safe.
But as I’ve said, printers and copyy machines, depending on the model,
have one important thing in common—theyy both mayy contain hard drives.
And unless that hard drive is encryypted—and manyy are still not—it is
possible to access what has been printed at a later date. All this has been
known for yyears. What Cui wondered was if he could turn a companyy
printer against its owners and exfiltrate whatever was printed.
To make things more interesting, Cui wanted to attack the printer’s
firmware code, the programming embedded inside a chip within the printer.
Unlike our traditional PCs and mobile devices, digital TVs and other
“smart” electronics do not have the power or the processing resources to
run a full-blown operating syystem such as Android, Windows, and iOS.
Instead these devices use what’s called real-time operating syystems (RTOS),
which are stored on individual chips inside the device (frequentlyy known as
fireware). These chips store onlyy the commands needed to operate the
syystem and not much else. Occasionallyy even these simple commands need
to be updated byy the manufacturer or vendor byy flashing or replacing the
chips. Given that this is done so infrequentlyy, it’s obvious that manyy
manufacturers simplyy did not build in the proper securityy measures. This,
the lack of update, was the vector that Cui decided to pursue for his attack.
Cui wanted to see what would happen if he hacked the file format HP
used for its firmware updates, and he discovered that HP didn’t check the
validityy of each update. So he created printer firmware of his own—and the
printer accepted it. Just like that. There was no authentication on the
printer’s side that the update came from HP. The printer onlyy cared that the
code was in the expected format.
Cui now was free to explore.
In one famous experiment, Cui reported that he could turn on the fuser
bar, the part of the printer that heats the paper after the ink has been applied,
and leave it on, which would cause the printer to catch fire. The vendor—
not HP—immediatelyy responded byy arguing that there was a thermo failsafe
within the fuser bar, meaning the printer could not overheat. However,
that was Cui’s point—he’d managed to turn that fail-safe feature off so that
the machine could actuallyy catch fire.
As a result of these experiments, Cui and his adviser, Salvatore Stolfo,