Smartphones On Drones Can Hack Your Wireless Printer - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
News
10/8/2015
09:01 AM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Smartphones On Drones Can Hack Your Wireless Printer

Weak links in network security prove easy to find with drones and phones.

Drones: 10 Novel Uses For Your City
Drones: 10 Novel Uses For Your City
(Click image for larger view and slideshow.)

People are often seen as the weak links in network security, but printers may offer another avenue of attack.

Researchers from iTrust, a cyber-security research center at Singapore University of Technology and Design, have used a drone carrying an Android smartphone to compromise a network through a connected WiFi-enabled printer.

Exploiting the erroneous assumption that printers can get by without wireless security, the researchers, including professor Yuval Elovici, Jinghui Toh, and Hatib Muhammad, created an Android app that can identify a printer's open wireless network. To get the phone with the attack app near enough to exploit the vulnerable printer, the researchers affixed the device to a drone.

The app was designed to hijack data. Print jobs sent to vulnerable printers ended up on the smartphone instead. The app then sent the captured files to the cloud via the smartphone's cellular connection and placed the files in the attacker's Dropbox folder. The app also has the ability to send captured print jobs back to the printer, in order not to arouse suspicion.

(Image: Singapore University of Technology and Design)

(Image: Singapore University of Technology and Design)

The use of a drone as a platform to attack networks may amplify concerns that drones need to be more tightly regulated. Worries about drones have prompted a backlash that threatens to slow their commercial deployment. On Tuesday the Federal Aviation Administration, still struggling to create rules to govern the use of drones, proposed a $1.9 million fine to punish drone startup SkyPan for allegedly conducting dozens of unauthorized flights over Chicago and New York.

That same day, California Governor Jerry Brown signed legislation to prevent paparazzi from flying drones over private property to take pictures. A drone "death ray" also debuted in Las Vegas this week at the Commercial Unmanned Aerial Vehicle (UAV) Expo.

[Read Facebook Drone Is Ready To Fly.]

But the attack vector needn't be airborne. The iTrust researchers also showed that their attack is feasible through a smartphone hidden in a robot vacuum cleaner. A smartphone running the attack software could just as easily be carried into a workplace, deliberately or unwittingly, by an employee, contractor, or visitor.

The researchers subsequently created a second app, called "Cybersecurity Patrol," to help IT managers mitigate this risk. Rather than hijacking print jobs, this app took a picture of the vulnerable printer and emailed it to the organization's CIO. It also sent remediation instructions to the printer.

Perhaps that's the future of vulnerability reporting.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
FungS407
50%
50%
FungS407,
User Rank: Apprentice
10/20/2015 | 10:19:07 PM
Gimme a break
Let's see - do we have all our hot buttons lined up ready to push?

Wireless printer?  Check.

Smart phone? Check.

Toy helicopter? Check.

Wait, it's not a toy helicopter, IT'S A DRONE!!!  Oh my god, a DRONE!!!  Fear! Fear! Fear!!!  It's someone from the government here to blast us to smithereens from the sky!!!  It's a perv with a flying camera here to look inside at me dressing!!! 

So basically this is a wifi hack that someone happened to do with a phone instead something like a laptop, and they got it within range of a vulnerable printer by using a flying toy instead of just hiding outside the door.

It's like 1998 all over again, but instead of spreading irrational fears about the internet, nowadays you just add "with a drone" to any activity to ratchet up the hysteria factor.

Cool hack, but nothing we didn't know about before.  
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
10/9/2015 | 12:26:13 PM
Creative
I think this is a very interesting and creative hack. Yes, it is a serious vulnerability, one that could be very effective when exploited. It further reinforces the notion that even though drones are a fun hobby, they probably aren't going to be something that the masses will have access to without serious regulation. 
Commentary
What Becomes of CFOs During Digital Transformation?
Joao-Pierre S. Ruth, Senior Writer,  2/4/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Slideshows
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Slideshows
Flash Poll