[Cryptography] trojans in your printers

John Denker jsd at av8n.com
Thu Feb 26 19:32:46 EST 2015


On Thu, Feb 26, 2015 at 4:11 AM, Ray Dillinger <bear at sonic.net> wrote:
>>
>> In the second place my printer has no need - ever - to send or receive
>> a packet outside my home area network, and therefore its address does
>> not have a hole in the firewall, in either direction, on any port.

>> [....] I can't even fully trust that.

On 02/26/2015 01:05 AM, Peter Vils Hansen wrote:

> I think this is probably the best general approach to keeping devices
> that shouldn't connect to the Internet away from the Internet. Start
> by shutting off access for all devices by configuring your router to
> use a whitelist-only approach and clear the whitelist. Then add one
> device at a time, on a need-to-have-access basis. It's a common
> firewall configuration policy that should work well for most
> households. Unfortunately, the vast majority of users tend to think
> about security until they've been hacked.

I don't think that's good enough nowadays.

Bear said it's not to be "fully" trusted.  Forsooth, I 
don't trust an ordinary firewall at all, for the following
reasons:

Let's think about where the threat is coming from.  On
a scale from ScriptKiddies to EquationGroup, the kiddies 
are not the ones trojanizing your printer, BIOS, and disk 
firmware.

It seems prudent to assume that anybody who is badass 
enough to hack your printer will not hesitate to use a 
stolen IP address ... and MAC address.  The printer or 
toaster or whatever (i.e. Edith) can just passively 
listen to local traffic until it sees an address that 
seems to be working (i.e. Margaret) and use that.
  http://en.wikipedia.org/wiki/Dead_Ringer_(1964_film)

For purely outbound traffic, Edith can send pretty much 
whatever it likes.  Inbound traffic is almost as easy.
The remote party injects some packets into one of 
Margaret's traffic streams.  They fly right through
the firewall, and Edith just scoops them up.  If 
Margaret's connection is encrypted, so much the better.
The injected packets will be malformed, so Margaret 
will blissfully ignore them.  Edith however decodes 
them just fine, using a different algorithm.

Using current technology, the firewall has no way of 
detecting this, let alone preventing it.  The only box 
that has a chance of detecting it is Margaret.  It 
"might" notice its MAC address being abused, but what 
does it do then?  Write about it in some log file that 
never gets looked at?

If Edith waits until Margaret goes offline, any chance of
detection goes away.

I can imagine some sort of über-firewall that might be
able to deal with this, authenticating each host separately,
in effect creating a virtual circuit, perhaps using IPsec 
or the like.  Thinking out loud here, it appears that odd
as it may sound, wireless might be more secure than wired 
Ethernet in this regard:  Some base stations are smart 
enough to handle multiple ESSIDs.  If you give each device 
its own ESSID and password, it would make the Dead Ringer 
scheme more difficult.

One could imagine revising the WPA specs to make this 
a lot better and a lot more user-friendly.  One could
imagine doing something similar with wired networks,
at layer 2.  Start from the assumption that the wired 
electromagnetic field is just as vulnerable as the 
radiated field, and proceed from there.

===================
===================

By the way, just for fun, why do we call them trojans?
   http://www.imdb.com/title/tt0751813/quotes

Sir Humphrey Appleby: I put it to you, Minister, that 
you are looking a Trojan horse in the mouth!

James Hacker: If we look closely at this gift horse, 
we'll find it full of Trojans?

Bernard Woolley: If you had looked a Trojan horse in 
the mouth, Minister, you'd have found Greeks inside.
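As an added illustration (not part of the post or the list) of the detection the message says only Margaret, or the box watching her wire, has a chance of making: a small passive detector that consumes constructed (timestamp, observation point, source MAC, source IP) records as a switch MAC table or access-point station log would report them, and flags a MAC that is live on two ports at once or an IP claimed by two MACs. Port names, MACs and addresses are made up.

```python
from collections import defaultdict

# Constructed sample records: (timestamp, observation point, src MAC, src IP).
# aa:bb:cc:00:00:01 / 192.168.1.20 is Margaret on switch port 3;
# aa:bb:cc:00:00:02 is the printer (Edith) on switch port 7.
OBSERVATIONS = [
    (100, "sw-port-3", "aa:bb:cc:00:00:01", "192.168.1.20"),  # Margaret, genuine
    (101, "sw-port-3", "aa:bb:cc:00:00:01", "192.168.1.20"),
    (102, "sw-port-7", "aa:bb:cc:00:00:02", "192.168.1.30"),  # Edith, own address
    (103, "sw-port-7", "aa:bb:cc:00:00:01", "192.168.1.20"),  # Edith wearing Margaret's MAC+IP
    (104, "sw-port-3", "aa:bb:cc:00:00:01", "192.168.1.20"),  # Margaret still talking
    (105, "sw-port-7", "aa:bb:cc:00:00:02", "192.168.1.20"),  # Edith stealing only the IP
]

# The "wait until Margaret goes offline" case: Margaret is silent for longer
# than the liveness window before Edith reuses her address.
OFFLINE_CASE = [
    (100, "sw-port-3", "aa:bb:cc:00:00:01", "192.168.1.20"),
    (200, "sw-port-7", "aa:bb:cc:00:00:01", "192.168.1.20"),
]


def find_dead_ringers(observations, window=60):
    """Return sorted (first_ts, kind, key, conflicting values) alerts.

    A MAC or IP is considered live at an observation point if it was seen
    there within `window` seconds of the current record.
    """
    mac_ports = defaultdict(dict)  # mac -> {port: last seen}
    ip_macs = defaultdict(dict)    # ip  -> {mac:  last seen}
    alerts = {}                    # (kind, key, values) -> first timestamp
    for ts, port, mac, ip in observations:
        mac_ports[mac][port] = ts
        ip_macs[ip][mac] = ts
        live_ports = tuple(sorted(p for p, t in mac_ports[mac].items() if ts - t <= window))
        if len(live_ports) > 1:
            alerts.setdefault(("mac-on-multiple-ports", mac, live_ports), ts)
        live_macs = tuple(sorted(m for m, t in ip_macs[ip].items() if ts - t <= window))
        if len(live_macs) > 1:
            alerts.setdefault(("ip-on-multiple-macs", ip, live_macs), ts)
    return sorted((ts, kind, key, vals) for (kind, key, vals), ts in alerts.items())


if __name__ == "__main__":
    for alert in find_dead_ringers(OBSERVATIONS):
        print(alert)
    print("offline case:", find_dead_ringers(OFFLINE_CASE))
```

The offline case produces no alert, which is exactly the gap the post describes; closing it needs a binding that does not expire, such as pinning each MAC to a single port or giving each device its own authenticated link, rather than a liveness window.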