Tuesday, November 29, 2011

Columbia Prof Calls Out HP: “It's like selling a car without selling the keys to lock it”

“It may ultimately lead to telling everyone they just have to throw their printers out and start over,” he said. "Fixing this is going to require a very coordinated effort by the industry," Stolfo said.

It's Deja Vu, all over again.

First it was security breaches related to our hard drives.  Then it was the toner particles - as dangerous as toast.  Next, toner bombs.

Today, a group of Columbia students and one very smart professor are ringing the warning bell.  This time, 50 million devices fall under the scrutiny of The Columbia University Intrusion Detection Systems Lab.

At first, I laughed. ALL HP printers are shipped "wide open" - I've seen it myself: in training, we intercepted print streams, changed the amount and the pay-to-the-order-of name, and printed a check.

It's not that difficult, does not exclusively apply to HP and has been a known phenomenon for decades.

And then there was the toner particle scare - great headlines, but in reality, toner dust is about as harmful as toast particles...snore...

And who will ever forget the plastic-explosive-in-the-HP-toner-cartridge trick Al Kinda pulled - genius.

So yes, I mock the prof and his merry band of do-gooders - PhD and Master's.  Who wouldn't? I mean it is so very easy to sit on the sidelines, reverse engineer some code (even down to the chip level, who the hell has time to do THAT?) and hold press conferences spewing spectacular doom and gloom claims?

And yet...this article intrigued me, then opened my mind.  Holy crap!  What if?

HP denies.
Columbia demonstrates. An HP fuser overheats and shuts down.  Turning paper burnt-brown.
A virus is loaded, and an HP displays "Erasing...Programming...Code Update Complete."
HP has no comment.

Columbia's Intrusion Detection Systems Lab, led by professor Salvatore J. Stolfo (center). 2009

We will see how the next few days shake out.  Is this a loaded gun aimed at 100 million printers?

Will Al Kinda flash all the output devices in the world, causing the greatest power spike in history?

Will more trees die?

The anticipation is excruciating...




Article Here.


"The problem is, technology companies aren't really looking into this corner of the Internet. But we are," said Columbia professor Salvatore Stolfo, who directed the research in the Computer Science Department of Columbia University’s School of Engineering and Applied Science. “The research on this is crystal clear. The impact of this is very large. These devices are completely open and available to be exploited.”

