Embedded Threats

Help! The office equipment is rebelling!   

Industrial Espionage has been around for a very long time.  It is even rumoured that Russia’s version of Concorde, nick named Concordeski was largely built on the back of industrial espionage. (BBC website)   In essence, the reason for industrial espionage is to obtain “the answers” without any of the expensive hard work.

In the old days before computers were widely used, industrial espionage relied on physical tactics such as breaking into offices and taking pictures of documents, pillow talk or bribing cleaners to lay their hands on documents. However as discussed by Sinha (2012), there are a wide and varied number of methods for committing industrial espionage in the modern world.

             The proliferation of advanced equipment within the office space means that the possibility of performing industrial espionage has the new vector of being able to exploit embedded technology.

Video conferencing, also known as tele-presence, has become hugely popular, largely due to the rising cost of fuel and the wish to reduce amount of time wasted in travel. Chernikoff (2008) reported in the New York Times that the sales of video conferencing equipment, made by Polycom, had increased by about 58% from the last quarter of 2007 to the first quarter of 2008.

Ironically, Perlroth (2012) of the same paper reported that HD Moore, the developer of the Metasploit hacking framework, had found video conferencing systems of several top venture capital and law firms, along with pharmaceutical and oil companies were very easy to access. The article explains that although the systems produced by top manufacturers such as Polycom can cost as much as 25 thousand dollars; they are actually being installed and configured incorrectly, thus leaving them open to hackers via the internet

The fact that these systems are usually located within board rooms and have built in cameras and high quality microphones mean that they have everything required to perform high levels of industrial espionage in a situated in a location behind “closed doors” 

It is not just video conferencing systems that are at risk of exploitation.  Printers are used to print off all sorts of highly important and classified documents within almost every single company on Earth.

One of the most recent and interesting academic investigations into printer exploitation was researched by Ang Cui and Salvatore J Stolfo of Columbia University based in New York.

(Cui, 2011a)

As can be seen from the above slide taken from their conference session at the Chaos Communication Congress (28C3) , they used IDC WorldWide Quarterly Hardcopy Peripherals Tracker to find that in August 2010 Hewlett Packard had 41 percent of the market share in Printers.

Cui and Stolfo (2011) concentrated on HP printers and found that a large number were vulnerable to accepting untrusted firmware updates due to a lack of authentication. During the conference they showed that a printer could be updated with a rogue version of the firmware that could send documents to another system outside of the company firewall.

 The delivery mechanism for updating a printer with an altered firmware could be as easy as printing a PDF document received via email that contains a Printer Job Language (PJL) firmware update command.  

The exceptional work carried out by Columbia University demonstrates the importance of Reverse Engineering in computer security research.

  It has been historically assumed that embedded hardware based systems are harder to breach than normal PC based software because it requires a certain level of technical knowledge and ability to extract and understand the embedded code and how it interacts with the hardware. However, in the modern world, this is no longer the case and there are plenty of tools that can be used to make reverse engineering a lot easier than before.

(Cui, 2011b)
Printer Formatter Board

As can be seen in the picture above, Columbia University were able to dismantle a HP printer and examine the hardware.  This in turn meant that they were able to gain a high degree of understanding of the hardware involved and the various components that the software controls.

A good example of how this knowledge was used was when Cui and Stolfo (2011) tested the idea that they might be able to use the heating element within the HP Laser Printer to set fire to pieces of paper.  Examination of the hardware showed that the heating element was connected to a safety cut off switch that disabled the heater when it became too hot.  The closest they came to setting fire to a printer was a slightly singed pieced of paper that occurred before the safety switch was activated.

Ironically, the popular press caught onto the idea of printers catching fire through rogue firmware updates and published pictures of printers on fire without understanding the findings of Columbia University's findings.  Although in this instance it is not possible to cause fire, there are likely to be a number of undiscovered real world devices that could be used to cause serious physical damage as it has been assumed that it would not be hacked and lack the required safety cut-off switch.

Wyrick (2011)
The efficiency of attacking embedded devices, such as a printer or thermostat came to light when Gorman (2011) of the Wall Street Journal reports that a complex hacking operation had occurred against the US Chamber of Commerce for over a year by hackers with links to China. Even though most of the malicious software has been removed from their systems they still find suspicious activity occurring, such as a printer used by Chamber Executives suddenly printing Chinese characters and a network enabled thermostat in a Chamber owned townhouse was communicating with an internet address in China.

= = =

How Computers work


Chernikoff N. (2008)
 ‘Videoconferencing gains as travel costs rise’
New York Times, 3rd June, [Online]
(Accessed 11th December 2012)

Cui A,(2011)
Printer Formatter Board and Printer Table  [Online]
Chaos Communication Congress (28C3), Berlin, 27th – 30th December
(Accessed: 12 December 2012) 

Cui A., Stolfo S.J.  (2011)
‘Print Me If You Dare’
Chaos Communication Congress (28C3), Berlin, 27th – 30th December
(Accessed 11th December 2012)

Gorman, S. (2011)
China Hackers Hit U.S. Chamber’
Wall Street Journal ,21st December, [Online]
(Accessed 11th December 2012)

Perlroth N. (2012)
‘Cameras May Open Up The Boardroom to Hackers’
New York Times, 22nd January, [Online]
(Accessed 11/12/2012)

Sinha, S.(2012)
‘Understanding Industrial Espionage for Greater Technological and Economic Security’ 
Potentials, IEEE , 31(3) pp.37-41,
IEEEXplore [Online]
(Accessed: 6 January 2013)

Wyrick T (2011)
‘New Printer Exploit Could Really Burn You Up!’
Techcitement*,30th November

(Accessed 1 February 2013)

No comments:

Post a Comment