source

Web servers have become commonplace on just about every hardware device from printers to switches. Such an addition makes sense as all devices require a management interface and making that interface web accessible is certainly more user friendly than requiring the installation of a new application. Despite typically being completely insecure, such web servers on printers/scanners are generally of little interest from a security perspective, even though they may be accessible over the web, due to network misconfigurations. Yes, you can see that someone neglected to replace the cyan ink cartridge but that’s not of much value to an attacker. However, that’s not always the case.

One Version of the WebScan interface on an HP scanner

I was recently looking at a newer model of an HP printer/scanner combo and something caught my eye. HP has for some time, embedded remote scanning capabilities into many of their network aware scanners, a functionality often referred to as Webscan. Webscan allows you to not only remotely trigger the scanning functionality, but also retrieve the scanned image, all via a web browser. To make things even more interesting, the feature is generally turned on by default with absolutely no security whatsoever.

The insider threat

With over $1B in printer sales in Q3 2010 alone, and with many of those devices being all-in-one printers, running across an HP scanner in the enterprise is certainly very common. What many enterprises don’t realize, is that their scanners may by default allow anyone on the LAN to remotely connect to the scanner and if a document was left behind, scan and retrieve it using nothing more than a web browser. Ever left a confidential document on the scanner and sprinted back to retrieve it when you realized? Thought so.

Want to know if your office LAN has any wide open HP scanners running? Run this simple Perl script to to determine if there are any devices on the local network running HP web servers.

As everything is web based, an enterprising but disgruntled employee could simply write a script to regularly run the scanner in the hopes of capturing an abandoned document. The URL used to send the web scanned documents to a remote browser is also completely predictable as shown:

A script could therefore also be written to run once per second to capture any documents scanned using the Webscan feature.

The external threat

It’s bad enough that many enterprises are running scanners that are remotely accessible by rogue employees, but what if those same scanners were accessible to anyone on the Internet? Whether intentionally set up as such or more likely accidentally exposed via a misconfigured network, there are numerous scanners exposed on the Internet, the majority of which are not password protected. In fact, HP kindly lets you know on the home page if sensitive functionality is password protected, by displaying the Admin Password status alongside other status information such as printer ink levels and the current firmware version. Interestingly, based on the sample set examined, there was a greater likelihood that HP Photosmart scanners were not locked down as opposed to Officejet scanners. This finding actually makes sense, given that Officejet scanners tend to be marketed to corporate users, a group that is hopefully more likely to implement security protections on hardware/software.

Example Google/Bing queries used to identify open scanners:

• “Estimate only. Actual ink levels may vary.”
• inanchor:”page=printerInfo”
• “Estimated Ink Levels” “HP Photosmart” “Items Needing Attention”
• hp photosmart status “product serial number” “product model number”
• inurl:index.htm?cat=info&page=printerInfo
• inbody:”Estimated Black Ink Level”.

The many variations of the HP web interface ensures that no single query will identify all exposed scanners, but as can be seen, with a little creativity, it is trivially easy to find exposed scanners.

The wall of shame

What sort of things do people leave on their scanners? In researching this article, I saw checks, legal documents, completed ballot forms, phone numbers… and my personal favorite, Jim’s diploma informing the world that he’s now a Certified Mold Inspector – congratulations Jim!

Here are samples of documents remotely retrieved due to corporations using HP scanners that were not password protected, on misconfigured networks that exposed their scanners to the Web.

source

By John Brandon

Published June 11, 2010

| FOXNews.com

• Print
• Email
• Share
• Comments
• Recommend

Just when you thought it was safe to use your computer, hackers have figured out how to attack everyday items. Your printer, your cellphone — even the blender in your kitchen — can be hacked and used against you.

And in the not-too-distant future, as the medical field makes advances with machine-to-human interfaces, even your own body and brain could be at risk.

Here are 10 everyday items that are open to fresh attacks from criminals.

1. Your Car
Vehicles like the Mercedes S550 use a cellular connection that lets you lock and unlock your car remotely. The Chrysler Grand Caravan has an on-board Wi-Fi connection to the Internet. GM vehicles use OnStar to communicate with the outside world; the company even incorporates a kill switch you can use if your car is stolen.

David Perry, a virus expert at Trend Micro, notes that most cars have multiple computers on board and a network of devices that use Wi-Fi, GPS, and Bluetooth. Perry claims “white hat hackers” — the good guys who hack into systems to prove they have security problems — have shown that cars are at risk.

“The future of car theft might easily turn digital,” said Perry. “It might be possible to freeze traffic on a crowded road, stopping enough cars using a Bluetooth hack or a connected mobile phone. These attack vectors are real; what really matters is what the hacker wants to do.”

Car hacking is so new, the auto industry has not addressed the problem fully. You can request that your dealer disable some of these computer systems and wireless networks. Cellular networks protect signals by switching base stations routinely.

2. That New GPS Gizmo
GPS uses orbiting satellites to route you through traffic. According to Robert Siciliano, the CEO at IDTheftSecurity.com, hackers would have a hard time causing trouble with these satellites. But the bad guys can access a GPS device when it downloads updates over the Internet — and then can install a remote access tool and track your whereabouts.

Perry said criminals who tap into your GPS could send you to a shady location, such as an empty warehouse, and then rob you. Hackers also use GPS jammers, readily available online, that confuse the signal and can cause traffic jams and driver errors.

3. Your Cellphone
Your cellphone is an easy target for hacking. Spyware tools that infect your phone are readily available on the Internet, Siciliano says. First you receive a text message with a link offering some free service. When you click the link, the hackers gets full access to your phone.

In one deceptively simple attack, you get a free cellphone in the mail with printed materials that make it look like you can test it for a week and send back. As you test, the phone records video and audio. When you send it back, the hacker uses the personal info against you.

Perry said another dangerous hack occurred in Japan. Hackers tapped into emergency phone services and disabled emergency calling. He said it’s an example of one of the more dangerous exploits — hackers shutting down important city services.

As with any connected device, you can disable Bluetooth, Wi-Fi, and even carrier service when you’re not using the phone. Also, never click text message links from unknown senders.

4. The Front-Door Security System
You bolt the door, install videocams, and add a security alarm — and still the criminals can break in! The reason: a lock bumping technique where a master key — designed for popular locks — unlocks the front door. That video signal, if transmitted over an unsecured Wi-Fi signal, is easy to compromise. And, according to security expert Winn Schwartau from The Security Awareness Company, a zap from a powerful (but expensive) electro-mechanical interference device can disable some alarm systems.

Perry said home automation systems designed for convenience (like the popular Schlage Link) make the front door hackable — criminals can simply intercept the wireless signal to unlock or lock the front door. And if a hacker steals your cellphone, he can access your home with these convenience tools.

But it’s easy to prevent: Enable the password feature that blocks access to your phone. Also, make sure you use strong encryption, such as AES, on your home wireless network.

5. Your Blender. Yes, Your Blender
That’s right: your blender is under attack! Most mixers are self-contained and not hackable, but Siciliano says many home automation systems tap into appliances such as blenders and coffee machines. These home networks are then open to attack in surprising ways: A hacker might turn on the blender from outside your home to distract you as he sneaks in a back window, he warns.

Interestingly, home automation systems such as those from Hawking Technology use wireless networks that home owners install on their own. Many folks simply don’t bother to configure the security options — it’s easier and faster to just run an open (and easy to hack) network.

6. Your Printer
Your printer is open to attack — especially if you use a model that uses a Wi-Fi connection, like the HP Deskjet 6980. That over-the-air signal is probably not as protected as computer connections, which often use industrial-grade encryption, such as AES.

Once a hacker can access your printer, Siciliano says he can read (and steal) anything you print — or the criminals can access the network and your PC to steal data directly.

7. Your New Digital Camera
Yes, even a camera can be hacked.

Any hardware gadget that has local storage, which includes video cameras, digital cameras, and even those cheap and wildly popular Flip cams, can be infected with a virus. Once you connect the cam to your computer, that virus can corrupt the device or provide remote access to spies.

Perry said TrendMicro has identified commercial malware that can run on a video camera or the webcam on your laptop. It records all activity and can be used for spying on you.

8. The Power Sockets in Your Walls
The power in your home is hackable as well, especially as the U.S. moves to a “smart grid” that lets consumers monitor and control their own power consumption.

Perry said the danger is that criminals will figure out how to steal power, use it in their own homes or businesses, and make it look like you’re the consumer. Or hackers could turn off your power, or cruelly jack up the meter to increase your bill.

For now, most of us are safe; the smart grid is more of an idea than a reality, although there are several test deployments across the country. Once the smart grid becomes common, Schwartau said filtering, a method of making sure the power is actually reaching the intended recipients, could help ensure the grid is not hackable. We’ll see.

9. The Human Body
It sounds far-fetched because most of us don’t have that computer-to-human interface installed quite yet. But researchers at MIT have shown how computers can help the disabled walk or play videogames. And it could be just a matter of time before humans are “augmented” this way.

Besides, Perry said, the idea of hacking into a pacemaker is a proven reality, since some of the devices use Bluetooth connections for control. “In several studies, it was shown that hacking a pacemaker was pitifully easy,” he said. “This might be a good example of a cyberkill.”

“I’ve given demonstrations of high power electro-mechanical interference. We had to make sure that folks with pacemakers were at least 100 meters away,” Schwartau said.

10. Even the Human Brain
The last frontier of hacking: stealing information directly from your brain. Once again, research institutions such as Harvard and MIT have shown that it is possible to tap into the brain at some level to control motor functions, such as lifting an arm or blinking.

Criminal control of your brain sounds like science fiction, but Schwartau insists that anything is hackable — even your mind. Perry said hackers already infect the human brain, using a process call social engineering. This involves tricking you into giving out a password over Facebook or revealing private info during an earnest (but fake) phone survey.

Most security experts agree: the most dangerous hacks are those that trick employees at a company or any consumer who divulges private information.

source

Easyjet to trial volcanic ash detection system

Page last updated at 10:36 GMT, Friday, 4 June 2010 11:36 UK

Easyjet has unveiled a system that it says will allow airlines to safely fly around ash clouds.

It involves infra-red technology that allows pilots to see the damaging particles up to 62 miles ahead.

The theory is that a pilot can then change course and continue to fly safely.

It has the support of the Civil Aviation Authority (CAA), the body that decides whether it is safe to fly through ash in UK airspace.

The CAA said it was happy an airline appeared to have found a technical solution, and, although it was not endorsing the product, it would do what it could to help certification.

‘Silver bullet’

Earlier this year, many air passengers had their travel plans wrecked when airlines had to scrap thousands of flights due to the Icelandic volcanic ash problem.

The CAA faced criticism from some airlines, who argued that the body had been overly cautious.

Easyjet chief executive, Andy Harrison, said: “This pioneering technology is the silver bullet that will make large-scale ash disruption history.”

Easyjet believes its detector can spot ash at these heights and distance

The new system, called Airborne Volcanic Object Identifier and Detector (Avoid), will be tested by Airbus on behalf of Easyjet within the next two months.

Easyjet, which is spending £1m ($1.47m) on the system, says it is happy for rivals to share its knowledge.

Mr Harrison, said: “What we don’t want to do is to gain a commercial advantage over other airlines so we can fly and they can’t. We are not going to exclude people from this technology.”

He said the hardest part would be to get approval from European authorities.

Ash damage

Easyjet said the volcanic ash disruption had cost it up to £75m,

Its passenger figures for last month, showed 215,000 of its own passengers had their travel plans disrupted because of volcanic ash and 1,600 flights were cancelled.

Despite the impact of the ash cloud, the expansion of the no-frills airline meant that it still flew 7.9% more people in May than a year ago.

The average load factor of the plane, an important measure of airline efficiency, was 85.8% compared with 83.5% in May 2009.

A total of 4.25 million people took a flight with Easyjet in May, up from 3.95 million last year.