Tech Talk Hacking: Printers The New Molotov Cocktail??
This would be a crazy way to get back at your boss. Researchers have found malicious code which could possibly set your printer on fire. Check out the full story after the jump.
Shotta Dru on Google+
Malicious firmware installed on HP LaserJet printers could result in print jobs being forwarded to a remote machine, according to Columbia University researchers.
Columbia University researchers demonstrated a bug in common office printers that could be used to forward documents to a remote computer or to remotely send commands that heat up and physically damage the printers, according to a Nov. 29 MSNBC.com report.
Professor Salvatore Stolfo and researcher Ang Cui of Columbia University’s School of Engineering and Applied Sciences showed how a remote machine can scan a document, in this case a tax form, and post sensitive data such as Social Security numbers to Twitter.
Malicious perpetrators can compromise a printer just by tricking a user into printing a booby-trapped document, according to Cui and Stolfo. There is also another way, in which printers configured to print jobs over the Internet can be remotely updated with malicious firmware without the printer owner’s knowledge or awareness, the researchers said.
“These devices are completely open and available to be exploited,” Stolfo said, noting that these machines are commonly connected to the Internet.
The idea that printers can be compromised “is nothing new,” Jonathan Gossels, CEO and president of IT compliance and security consulting firm SystemExperts, told eWEEK. Modern printers have always been vulnerable to attack because they are “sophisticated computers in their own right,” he said.
Detecting the malicious firmware would be nearly impossible, according to Cui, since no modern security tool has the ability to scan or repair software running on embedded systems such as printers.
While Cui and Stolfo used Hewlett-Packard’s line of LaserJet printers and the Remote Firmware Update process in their demonstration, they said other vendors’ printers are similarly vulnerable. HP LaserJet printers tend to check to see if a firmware upgrade is included in the data being sent with a print job, but the researchers claimed the machines do not check for a digital signature to verify the firmware update is actually authentic and from HP before installing the update.
“It’s like selling a car without selling the keys to lock it,” Stolfo said.
HP did not immediately respond to a request for comment but told MSNBC that the printers have required digitally signed firmware updates starting in 2009, so the researchers must have used older models. The researchers denied the claim, saying they bought the printer at a major office supply store.
Keith Moore, chief technologist for HP’s printer division, told MSNBC that the likelihood of such an attack is slim.
“Regardless of whether HP is right that newer LaserJet printers are protected against the vulnerability or not, it’s clear that there may be many devices which are potentially at risk of attack,” Graham Cluley, senior technology consultant at Sophos, wrote on the Naked Security blog.
Stolfo and Cui also noted that a hijacked printer could be used to launch attacks on other computers within the corporate network. HP’s Moore said standard print jobs could not be used to initiate a firmware upgrade. Only specially crafted files sent directly to the printer from the Internet can, he said. If that’s the case, this kind of attack could be launched against printers connected to the Internet, but printers behind a corporate firewall would be safe from attack, Moore claimed.
The researchers also demonstrated how sending continuous commands to a printer could cause it to heat up and smoke. The HP printer shut down before a fire could break out, but researchers believed other printers may not have the same kind of thermal switch to protect the machine. This gives attackers “a dangerous new tool that could allow simple computer code to wreak real-world havoc,” MSNBC.com reported.
A malicious individual trying to set a printer to catch fire is “downright unlikely,” but the fact that HP has a huge market share in printers means “a potentially large number may now be more vulnerable to ordinary exploitation,” Gossels said.