
PRINTER DANGER: In 2011, computer scientists revealed they could hack into printers and break into every computer linked to these printers.
Image: Flickr/James F Clay
Anti-hacker defenses have long focused mainly on protecting personal computers and servers in homes and offices. However, as microchips grow smaller and more powerful, new targets for hackers are becoming widespread—embedded computers such as the electronics handling car engines, brakes and door locks; the routers that form the Internet's backbone; the machines running power plants, rail lines and prison cell doors; and even implantable medical devices such as defibrillators and insulin pumps. Many of these embedded devices can now link with other computers, putting them equally at risk from intruders. Indeed, in October, Secretary of Defense Leon Panetta warned that the U.S. faced the threat of a "cyber Pearl Harbor" if it failed to adequately protect these systems, echoing a warning CIA Director John Deutch gave to Congress in 1996 about an electronic Pearl Harbor (pdf).
Now computer scientists are devising guardians they call symbiotes that could run on embedded computers regardless of the underlying operating systems. In doing so, they may not only help protect the critical infrastructure of nations and corporations but reveal that warfare against these devices may have been going on unseen for years, researchers say.
The problem is worse than you might think. Already research has shown that a vast number of machines lie completely open to attack. For instance, in 2011, after scanning large sections of the Internet, computer scientists Ang Cui and Sal Stolfo at Columbia University identified more than 1.4 million publicly accessible embedded computers in 144 countries that still had factory default passwords that would give anyone with online access total control over the machines. These devices, which make up about one in five of the embedded computers they found (pdf), included routers, video-conferencing units, cable TV boxes and firewalls used to defend computer networks.
These vulnerabilities pose a host of dangers. In 2011 Cui and Stolfo revealed they could hack into printers (pdf) made by Hewlett–Packard with infected documents or by connecting to them online, allowing them to spy on everything printed with those machines and to break into every computer linked to the printers. (HP has since fixed this vulnerability.) Cui also explains it could be easy to develop malicious software or malware that would allow hackers to shut down infected routers just by pinging them an innocuous data packet.
Attacks against embedded systems aren't the kind "where criminals are trying to get credit card data," Cui says. "They're more stealthy. More sophisticated. This is corporate espionage–level stuff. Cyber war–level stuff. The people looking to target these systems aren't out to make a big splash, but might aim to take down a country's critical infrastructure."
One problem researchers face in designing safeguards for these vulnerabilities is the incredible diversity found in the programs running embedded computers. For instance, Cui notes that routers made only by Cisco possess about 300,000 different firmware images—the operating systems of embedded computers and their accompanying programs.








6 Comments
This is part of the arms race between attackers and defenders, and similar to something we in enterprise security have been doing for years on the network. There, we use some passive techniques to detect malicious attacks by silently sending copies of packets off to another device to check against signatures, heuristics, etc. Those systems can then raise an alert when potentially malicious traffic is found and/or save the network stream for later analysis or evidence.
The idea presented here is similar: provide an out-of-band (OOB) monitor to check for malicious activity. There is, however, the problem that even the OOB monitor must be updated periodically to update the capabilities or at least let it know when the firmware or microcode has been updated. This presents a potential attack vector on its own, and another point of focus for attacker and defender alike.
The Defender's Dilemma still holds true: The defender must be right every time. The attacker need be right only once.
This may not be printed, but there are a number of points to be made.
First and foremost, to think that it is impossible to design computers so they can't be protected is patently ridiculous. If nothing else, which I have suggested, but which has never been acknowledged I said, is to equip a computer with a duplicate but smaller fully functional system which will harbor and run the questionable software first. Then the contents of the system will be checked and, if found to be damaged or compromised, the software item removed. Or, a program could be devised that will take the code of a piece of software and "run" it by assessing the results of each line of code. Then, if questionable actions are requested or dangerous results like an explosion of hard drive space acquisitions is detected, it could be rejected. This is the same as saying the infrastructure of Iraq showed no signs of the presence of banned weapons systems. It's absolutely true, it's valid, the conclusion is correct and no one but me is recognizing it.
In fact, the evidence is that they deliberately leave back doors in software and systems for "official" acts of mayhem, from bugging someone to even ruining their system to try to stop them. Hackers don't find weaknesses in the system, they know they're there. And, more than that, they probably put them there.
Too many people fail to realize the cozy little monopoly they've tried to turn the computer industry into. Many if not most know less than 1% the workings of their computer. How many didn't know, for example, that files are not destroyed when erased, the space containing the information is flagged to re-use, but the contents remain and can be accessed? They've completely done away with the DOS layer of potential control, making everything run solely by software derived solely by the literally pathological C language. They've done everything to divorce the computer from the auspices of its owner! And that is the entire community, the actual programmers, the "hackers", who apparently, if they aren't also working for the software firms, fraternize with software firms' programmers, and likely get "consultant" fees, for putting the back doors in and producing compromising code! They design software and systems to leave computers open to attack, then charge extra to produce software to combat the weaknesses they built in! An ugly secret of the computer industry! They see themselves as getting even for being called "nerds" by trying to thieve from consumers wholesale.
@julianpenrod, "This may not be printed", why do you insist on putting that on everything you post? If it doesn't get posted, that statement means nothing, if it does get posted, it still means nothing. You appear to be suffering from Paranoid Schizophrenia. Have you gone off your meds?
This sounds unnervingly like the intelligent little bots that tied together all of the world's networked computers and put SkyNet in control in Terminator 3.
A little dramatic I suppose but code intended to move from computer to computer searching for malware could just as easily be used to plant such malware.
In all seriousness, we cannot stop malware. We can only slow it down. Any hardware or software design makes assumptions regarding how that design is to be used.
Humans can and do envision ways that these designs can be misused and they can provide protections against that type of misuse but these protections still involve assumptions about the misuse.
Any protection against malware can be defeated. If a human can figure out how to build such protection into a system, then some other human can figure out how to defeat that protection.
All you can really do is invest enough time and money into developing protection strategies that the cost of defeating those strategies exceeds the value to the would-be thief.
For instance, in the old days of video tape, companies spent millions of dollars and months or years of development time trying to create workable copy protection only to have it defeated in a matter of minutes by bright young people who had the time and the motivation to do so.
With all the multi-core processors made by Intel and AMD, it should be possible to add on a security core running its own microcode and its own isolated cache of RAM. A "deluxe" version might be having a security cpu core for each of the higher power x86/64 cores.
Since all of the x86/64 cores running need to be on the same clock, it could be that the security core could modify the clock pulse to "stretch a clock cycle" on a random sequence and use the "hidden stretches" to examine transactions going on with the main cores.
Another area of concern would be memory management. A lot of that task is now done on an internal subsystem running at CPU speeds to be able to keep up. The security cores ought to keep an eye on RAM registers to be sure malware isn't running in its own mapped RAM zones or running routines looking for targeted applications running in their own RAM mapped zones.