[Cryptography] trojans in your printers

Henry Baker hbaker1 at pipeline.com
Fri Feb 27 00:26:14 EST 2015


At 12:05 AM 2/26/2015, Peter Vils Hansen wrote:
>I think this is probably the best general approach to keeping devices
>that shouldn't connect to the Internet away from the Internet.  Start
>by shutting off access for all devices by configuring your router to
>use a whitelist-only approach and clear the whitelist.  Then add one
>device at a time, on a need-to-have-access basis.  It's a common
>firewall configuration policy that should work well for most households.

This might work for what I would call a "minimally-hacked"
printer.  However, if someone really wants to hack your printer,
they might as well go all the way, and have it monitor your
local wifi network to figure out who's top dog.  Then start
spoofing MAC and IP addresses.  It could also launch an all-out
assault on your router, assuming that it hasn't already been
compromised.  A simple firewall may not slow any hacker down
very much.

When was the last time HP/Canon/Epson/... offered to upgrade
the SW on your printer in order to improve its security?  How
many incredibly serious bugs have been found in embedded
SW security suites in the last two years?  How many of these
fixes have been pushed out to these embedded devices?



More information about the cryptography mailing list