Spam has a new target, and it's your printer. By using a little-known capability found in most Web browsers, Aaron Weaver, a security manager from Pennsylvania, figured out how to hack into a printer. In a research paper published Tuesday on the Ha.ckers.org Web site, Weaver described how he launched the attack successfully with both the Internet Explorer and Firefox browsers. He has also found a way out: because the attack works only on network printers, a printer plugged directly into a PC would not be vulnerable.
The attack is possible because most browsers can connect to the networking port that most printers use to look for new print jobs. By using the browser as a stepping stone, attackers are able to connect to something they should never be able to reach: a printer on the local area network. This type of attack hasn't gotten any attention so far, and there are no reports that it's affecting computer sites. Weaver's research uses cross-site scripting attacks and vulnerabilities in the way browsers handle the Internet Protocol.
"There is no precedent for [this hack]," said Robert Hansen, CEO of Web security consultancy SecTheory and owner of the Ha.ckers.org Web site. "But...what he did was marry two different concepts that we've been talking about for a long time." This could be the first step toward a worse scenario: if hackers figure out how to send information about print jobs to the Internet, Weaver's experiment could have far greater security implications. So it may be a good idea to turn your printers off for the night or when you are out of the office, because one never knows what might happen if they remain on.
For information on hacking printers:
- Check out this ComputerWorld article [1]
Links:
[1] http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9056688&intsrc=hm_list