Printer security

[Vandroiy]

The topic of paper wallets came up a lot recently, so I just wanted to make sure everyone is aware there has been a major hacking method disclosed for massive amounts of HP printers.

http://www.cccblog.org/2011/11/29/millions-of-printers-open-to-hack-attack/

I don't have the sources, but the CCC did a talk about it somewhere, use Google if you haven't heard yet. Basically, if you have one of the endangered printers with re-writable firmware restoration memory, either figure out how to check it or destroy it.

Needless to say, this goes for Casascius especially. Do you use an HP printer, and if so, can you perform checks on the memory banks involved? From what I know, there are sometimes two of them, both idiotically unprotected: the active firmware and the factory restoration memory.

[1714092874]

1714092874

[DeathAndTaxes]

My understanding (and it would be what I do) is that Cascius generation and printing machine is disconnected from the network.  Cold Isolation. 

The combination of Linux, live CD w/o persistence, and non-network should keep any generation machine secure. 

Still hackers are interesting people.  Pretty funny if someone has an encrypted document so the hackers just steal a copy from printer memory.   I am sure in time someone will come up w/ printers that accepted encrypted print spool and use public/private key signing for firmware changes.  That is why I like hackers.

[casascius]

I didn't use any HP printers in the production of physical bitcoins.  Nothing had network access either.

[Vandroiy]

Ah, Casascius, that's good to hear. Still might not hurt to check whether the printer is capable of remembering stuff -- probably best to not connect it to the net again unless this can be ruled out.

I'm astonished that HP printers were not using signed firmware updates, or at least have a security switch for flashing it! That's not a question of adding a feature, that's an unacceptable blunder in terms of security! It never ceases to amaze me how little companies care for security.

What's worse, some documents were able to auto-flash a printer they're printed on. That way, hackers are able to infect perfectly firewalled printers. Insanity!

[casascius]

I used a consumer-grade inkjet to print everything, a deliberate security-related decision (based on my belief that I'd have an easier time detecting laser toner from the outside if I as a hacker had things like radiation or medical imaging technology at my disposal).

I'd expect it to be quite a stretch for it to have a hack at all at this point for my inkjet, let alone one that is advanced enough to queue print jobs into what limited memory it probably has, wait for later network access, and forward them to an attacker.  The day my sort of printer generates internet traffic coinciding with the size of incoming print jobs will be the day millions of others do as well, something unlikely to go unnoticed by sysadmins around the world.  Something I would expect to see long before hacks progressed to storing and forwarding jobs printed while the printer had no network connection.  We also don't print much on that printer in the first place, so the vector of a firmware flash riding on a document into that printer has been virtually non-existent.

Interesting proposition though.  I have already printed all the private keys I expect to use for a very long time so that I could wipe the disks that contained them (total printed 29000 keys, only about 6500 used).  But next batch perhaps justifies an inkjet printer lacking network capability entirely, especially if for nothing else, if I use up 29k keys, the next batch will probably be much larger.

[DeathAndTaxes]

I'm astonished that HP printers were not using signed firmware updates, or at least have a security switch for flashing it! That's not a question of adding a feature, that's an unacceptable blunder in terms of security! It never ceases to amaze me how little companies care for security.

Sadly features sell, security doesn't.

Most consumer grade motherboards also allow unsigned firmware changes which now allows BIOS resident viruses & rootkits.  You can drop a brand new HDD in, w/ clean install and be compromised from day 1.  The advent of windows bios update utilities now makes BIOS/firmware resident malware more of a threat.

[gnar1ta$]

So for those of us who don't have computer science degrees and ocasionally print paper wallets, what can be done to lower the risks? 

[casascius]

So for those of us who don't have computer science degrees and ocasionally print paper wallets, what can be done to lower the risks? 

I had suggested "wallet seeds" on another thread.  And printers that connect strictly via USB are going to be immune...

[Vandroiy]

So for those of us who don't have computer science degrees and ocasionally print paper wallets, what can be done to lower the risks? 

Hm... I figure the risk isn't all that high unless someone either detects your bitcoin address format or knows you have enough coins to be worth stealing and manually targets you. I'd say just stay up2date about your printer's firmware and possible news concerning it.

But I'm really not well-informed about this, just thought I might bring up the topic. Most likely, the chaotic nature of everything will prevent hacks from causing much harm in most cases, since viruses don't really know what to look for.

Anyways, bottom line: check that printer firmware is up to date, especially on HP network printers, very especially if it has not been patched since the hacking party began in November or whenever it was.

And printers that connect strictly via USB are going to be immune...

I'd not be so certain about that. We know they can be infected using a rigged document, so outputting the data from the infected printer would be the problem. But USB-device-to-computer hasn't exactly been mankind's safest channel in the past, I think on WinXP one can still claim to be/have a HDD on USB and then insert malware via some rigged Autorun, unless that has been properly disabled. A rigged printer can claim to be an USB hub and emulate whatever insane structure of devices!

Hardware that executes arbitrary low-level assemblies is evil. Patch the printers, stop that from happening, or else people will find ways to abuse it eventually.

[phillipsjk]

I don't have the sources, but the CCC did a talk about it somewhere, use Google if you haven't heard yet. Basically, if you have one of the endangered printers with re-writable firmware restoration memory, either figure out how to check it or destroy it.

Laser printers have always been full-fledged computers. The Original Apple LaserWriters had more CPU and memory than the computers they were typically hooked up to (running a GUI).

Being able to hack your printer is a good thing: if it is properly documented. It allows you to replace the firmware with your own firmware, for example.

As a rule of thumb, if it has built-in network access, it is a full-fledged computer. Before printing bitcoin you should determine how to isolate the printer from the network (not so easy with built-in wireless capability), and how to clear the memory afterward. I am not sure how far you will get asking the manufacturer how to clear the memory and restore the original firmware.

One thing the printer manufacturer won't want to talk about is any Currency Detection Module that may be present (especially colour models).

[casascius]

Hm... I figure the risk isn't all that high unless someone either detects your bitcoin address format or knows you have enough coins to be worth stealing and manually targets you. I'd say just stay up2date about your printer's firmware and possible news concerning it.

But I'm really not well-informed about this, just thought I might bring up the topic. Most likely, the chaotic nature of everything will prevent hacks from causing much harm in most cases, since viruses don't really know what to look for.

Anyways, bottom line: check that printer firmware is up to date, especially on HP network printers, very especially if it has not been patched since the hacking party began in November or whenever it was.

What I'd expect to see long before then, is a browser "helper" object that looks for well-formed bitcoin addresses in web pages, and replaces them from a list of addresses belonging to an attacker.  That's a path of far less resistance for an attacker that would yield the same thing (and then far more) for an attacker versus hacking printers.  If I think of why one would hack a printer, stealing print jobs is one consideration, but using that printer to run something like OpenVPN and being a launch point for other attacks on that network seems more what a printer hack would be valued for by a hacker.

And printers that connect strictly via USB are going to be immune...

I'd not be so certain about that. We know they can be infected using a rigged document, so outputting the data from the infected printer would be the problem. But USB-device-to-computer hasn't exactly been mankind's safest channel in the past, I think on WinXP one can still claim to be/have a HDD on USB and then insert malware via some rigged Autorun, unless that has been properly disabled. A rigged printer can claim to be an USB hub and emulate whatever insane structure of devices!

Hardware that executes arbitrary low-level assemblies is evil. Patch the printers, stop that from happening, or else people will find ways to abuse it eventually.

Let me put it another way: a USB printer is immune to stealing keys off a paper wallet because it lacks a way to send them to an attacker.  Before someone goes to the effort of rooting a USB printer and making it claim to be a hard drive (which would clearly get noticed), I would expect numerous other viable attacks to be lower hanging fruit - like, for one, attempts to root the computer that's sending the print jobs there, and just stealing them on their way out.

I have never read about regular PC malware that steals print jobs, probably because it's not usually necessary - once malware gives remote control to an attacker, whatever the user is trying to print is probably readable straight off the file system in a native format that's easier to work with, without any need to go after a print queue.

[film2240]

Good informative thread and article.Thanks for that.I'm just glad my printer is a Canon MG5250 inkjet wi-fi MFD and not a vulnerable HP one.I hope that canons wi-fi MFDs aren't vulnerable to this hack/exploit.Great printer to work with (mine),high quality prints/scans/copies (as it can be used as a photocopier as well),relatively easy to use (I didn't even bother reading the manual lol) and prints onto CDs/DVDs as well and its wireless.

I'll make sure that I never get an HP printer anytime soon.

[Phinnaeus Gage]

So for those of us who don't have computer science degrees and ocasionally print paper wallets, what can be done to lower the risks? 

I had suggested "wallet seeds" on another thread.  And printers that connect strictly via USB are going to be immune...

Can I safely assume you read my PM to you?

~Bruno~

[Revalin]

These kinds of attacks are not limited to HP printers.  HP just makes the most popular networked printers, but any networked printer (like your wifi one) can have the same problem.  Embedded firmwares frequently have poor security, unfortunately.