[Cryptography] trojans in your printers
John Denker
jsd at av8n.com
Thu Feb 26 19:32:46 EST 2015
On Thu, Feb 26, 2015 at 4:11 AM, Ray Dillinger <bear at sonic.net> wrote:
>>
>> In the second place my printer has no need - ever - to send or receive
>> a packet outside my home area network, and therefore its address does
>> not have a hole in the firewall, in either direction, on any port.
>> [....] I can't even fully trust that.
On 02/26/2015 01:05 AM, Peter Vils Hansen wrote:
> I think this is probably the best general approach to keeping devices
> that shouldn't connect to the Internet away from the Internet. Start
> by shutting off access for all devices by configuring your router to
> use a whitelist-only approach and clear the whitelist. Then add one
> device at a time, on a need-to-have-access basis. It's a common
> firewall configuration policy that should work well for most
> households. Unfortunately, the vast majority of users tend to think
> about security until they've been hacked.
I don't think that's good enough nowadays.
Bear said it's not to be "fully" trusted. Forsooth, I
don't trust an ordinary firewall at all, for the following
reasons:
Let's think about where the threat is coming from. On
a scale from ScriptKiddies to EquationGroup, the kiddies
are not the ones trojanizing your printer, BIOS, and disk
firmware.
It seems prudent to assume that anybody who is badass
enough to hack your printer will not hesitate to use a
stolen IP address ... and MAC address. The printer or
toaster or whatever (i.e. Edith) can just passively
listen to local traffic until it sees an address that
seems to be working (i.e. Margaret) and use that.
http://en.wikipedia.org/wiki/Dead_Ringer_(1964_film)
For purely outbound traffic, Edith can send pretty much
whatever it likes. Inbound traffic is almost as easy.
The remote party injects some packets into one of
Margaret's traffic streams. They fly right through
the firewall, and Edith just scoops them up. If
Margaret's connection is encrypted, so much the better.
The injected packets will be malformed, so Margaret
will blissfully ignore them. Edith however decodes
them just fine, using a different algorithm.
Using current technology, the firewall has no way of
detecting this, let alone preventing it. The only box
that has a chance of detecting it is Margaret. It
"might" notice its MAC address being abused, but what
does it do then? Write about it in some log file that
never gets looked at?
If Edith waits until Margaret goes offline, any chance of
detection goes away.
I can imagine some sort of über-firewall that might be
able to deal with this, authenticating each host separately,
in effect creating a virtual circuit, perhaps using IPsec
or the like. Thinking out loud here, it appears that odd
as it may sound, wireless might be more secure than wired
ethernet in this regard: Some base stations are smart
enough to handle multiple ESSIDs. If you give each device
its own ESSID and password, it would make the Dead Ringer
scheme more difficult.
One could imagine revising the WPA specs to make this
a lot better and a lot more user-friendly. One could
imagine doing something similar with wired networks,
at layer 2. Start from the assumption that the wired
electromagnetic field is just as vulnerable as the
radiated field, and proceed from there.
===================
===================
By the way, just for fun, why do we call them trojans?
http://www.imdb.com/title/tt0751813/quotes
Sir Humphrey Appleby: I put it to you, Minister, that
you are looking a Trojan horse in the mouth!
James Hacker: If we look closely at this gift horse,
we'll find it full of Trojans?
Bernard Woolley: If you had looked a Trojan horse in
the mouth, Minister, you'd have found Greeks inside.
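As an added illustration (not part of the original message), the following detector shows what the "box that has a chance of detecting it" would actually have to look for: a known MAC arriving from a switch port it is not wired to, and the harder case where the impersonated host has gone quiet. It assumes per-port visibility (a managed switch's MAC table or sFlow export), which a plain home router does not give you; the inventory and observations are constructed.

```python
"""Detect the Dead Ringer pattern: a rogue device (Edith) reusing the IP and
MAC of a legitimate host (Margaret).  Added example; the inventory and the
observations below are constructed, and the port-level view assumes a
managed switch or sFlow collector rather than a consumer gateway."""


# Constructed inventory: the switch port each known MAC is legitimately wired to.
INVENTORY = {"aa:bb:cc:00:00:01": "port3"}   # Margaret's laptop

# Constructed observations: (time_s, ingress_port, src_mac, src_ip)
OBSERVATIONS = [
    (100, "port3", "aa:bb:cc:00:00:01", "192.168.1.10"),  # Margaret, legitimate
    (101, "port3", "aa:bb:cc:00:00:01", "192.168.1.10"),
    (102, "port7", "aa:bb:cc:00:00:01", "192.168.1.10"),  # same MAC from the printer's port
    (103, "port3", "aa:bb:cc:00:00:01", "192.168.1.10"),
    (900, "port7", "aa:bb:cc:00:00:01", "192.168.1.10"),  # Margaret silent; Edith still talking
]


def find_dead_ringers(observations, inventory, quiet_after=300):
    """Return alerts for frames whose source MAC is known but whose ingress
    port is not the owner's.  If the owner has been silent longer than
    quiet_after seconds, the frame is the 'owner went offline' case that a
    host-side check could never see; only the switch can."""
    alerts = []
    last_legit = {}          # mac -> last time seen on its home port
    for t, port, mac, ip in observations:
        home = inventory.get(mac)
        if home is None:
            continue         # unknown MAC: out of scope for this check
        if port == home:
            last_legit[mac] = t
            continue
        if mac in last_legit and t - last_legit[mac] > quiet_after:
            reason = "impersonation while owner silent"
        else:
            reason = "mac seen on wrong port"
        alerts.append((t, mac, ip, port, reason))
    return alerts


if __name__ == "__main__":
    for alert in find_dead_ringers(OBSERVATIONS, INVENTORY):
        print(alert)
```

The point of the second alert class is that once the legitimate host has gone quiet, the only remaining signal is topological (wrong port, or wrong ESSID in the per-device wireless scheme above), not anything Margaret herself can log.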