Assignment: Impossible
Exploring the area between the unknown and the impossible.

From The Writer’s Desk: Secret Electronic Wars?

The views expressed are those of the author and are not necessarily those of Scientific American.
In the series, “From The Writer’s Desk,” I’ll describe what I do for a living as a writer and ideas I have for advancing my craft.

Today I have a story out on a secret war that might have taken place for years in the embedded computers found within the devices that make up the backbone of the infrastructures of our nations and corporations. And there’s so much more to the story than might have comfortably fit into what ran, which I’ll talk about here.

PRINTER DANGER: In 2011, computer scientists revealed they could hack into printers and break into every computer linked to these printers. Image: Flickr/James F Clay

So as background, scientists at Columbia earlier showed they could fairly easily hack into these embedded computers and use them as backdoors to infiltrate personal computers — for instance, a printer could easily get compromised by an infected document file.

The threat is potentially huge — at least a fifth of all embedded computers accessible online still have their factory default passwords, meaning just about anyone can waltz in and compromise them. Now researchers at Columbia have developed software they call “symbiotes” that might be able to not only detect and prevent online attacks on embedded computers, but also help reveal how long they might have been going on under our noses. (You can read the online story here, and the print version here.)

So it’s a pretty fun story. A little known threat, potentially very high stakes, a potential solution to the problem, and the hint of an unknown history. The thing about journalism — or at least, in my mind, responsible journalism — is that it’s about what you can prove, not about all of what you might know or think you might know. As such, there are a lot of anecdotes and speculation connected with this research that I didn’t think belonged in my story, but that I think it’s all right to discuss and speculate about informally on my blog.

First off, there was a great anecdote about how the researcher Ang Cui met with a military base and told them about their online vulnerabilities. They checked about a month later, but the vulnerabilities were still there. When Ang asked them if they knew the vulnerabilities were still up, the officer he asked just raised an eyebrow.

So yes, the vulnerabilities were still there. They apparently served as what in hacker parlance is known as a honeypot — a system deliberately left exposed so that attacks against it can be recorded and studied to learn more about intruder tactics.

[Image: A real-time map of global cyberattacks.]

Good luck trying to confirm the identity of the base or the fact that vulnerabilities were left out as bait for hackers. As such, an anecdote without confirmation is just hearsay, which is why I didn’t put it into the story.

An intriguing, disturbing line of conjecture that came up when I was mulling this story over is why certain nations remain so vulnerable to this line of attack. For instance, South Korea, one of the most wired countries on the planet, hasn’t patched many of these vulnerabilities yet. Given that it has a mortal enemy directly to its north, one would think it might put this on its to-do list, or that allies such as the United States might quietly tell it that its fly was essentially open, especially given that an attack on South Korea might inadvertently or intentionally damage the United States as well.

What if certain vulnerabilities are intentionally being left open as giant honeypots? Defenders want to collect as much data on possible attacks as possible, so honeypots are useful for that purpose. Still, it seems like there’d be massive public outcry if so much infrastructure was intentionally left vulnerable just to collect intelligence, which recalls the popular story about the Coventry Blitz claiming that Churchill let Coventry burn during World War II to protect intelligence about the Enigma cipher machine.

I’m not really sure which is the worse possibility — that countries are intentionally being left vulnerable to learn more about intruders, or that countries are unintentionally being left vulnerable out of sheer ignorance.

You can email me regarding From The Writer’s Desk at toohardforscience@gmail.com.

About the Author: Charles Q. Choi is a frequent contributor to Scientific American. His work has also appeared in The New York Times, Science, Nature, Wired, and LiveScience, among others. In his spare time, he has traveled to all seven continents. Follow on Twitter @cqchoi.

Comments (11)

1. jtdwyer 2:27 am 11/27/2012

    I’m not a hacker, but I have some experience with operating system level coding and security software. I’d be surprised if an infected printer could do much damage to connected PCs since, as I understand, the PC device driver software they communicate with is not generally designed to receive anything from printers but device status information… I could be wrong, but I suspect the threat has been exaggerated, as in other cases I’ve been aware of in the past. Security consultants make a living by inciting insecurity…

2. toohardforscience 10:38 am 11/27/2012

    No, Ang Cui has publicly demonstrated this work in front of many, many other hackers and the security community, and the ease with which he could seize root of a printer and then use it to compromise computers it was on the network with was scary.

3. toohardforscience 10:40 am 11/27/2012

    Which is to say, you may not believe the researcher by imagining some kind of nefarious reason for him exaggerating his work, but are you going to disbelieve the many people who’ve reviewed his work as well?

4. OgreMk5 2:10 pm 11/27/2012

    Given what I know of the military, I’d be much more willing to ascribe bureaucratic inertia, cost factors, levels of effort, and clueless superiors than anything like honeypots. I can see a cyberwarfare division setting up a lightly defended server, but a printer?

5. jtdwyer 2:32 pm 11/27/2012

    toohardforscience – No, I was merely responding to the evidence provided, which was no more than anecdotal, just as mine is. I assure you that I have nothing to gain by reporting that I have observed security and many other kinds of consultants promoting their services by misrepresenting risks and their capability to address them. Everybody’s got to make a living somehow, even Ponzi scheme managers! I’m not imagining anything.

    I’d have been happy to review Ang Cui’s work if any references had been provided. Has Ang Cui disclosed his methods in any peer reviewed journals?

    I’ll also be happy to disbelieve your report as well unless you can substantiate it. By the way, I’ve also seen plenty of impressive technical demonstrations at conferences that misrepresented actual capabilities. I was never in the business of believing the claims of those marketing products or services.

6. jtdwyer 3:19 pm 11/27/2012

    I would be most interested in understanding how a printer, whose usual communications with a client system device driver are to provide status, such as ‘received the file A’, ‘printing document 1’, ‘paper jam’, ‘out of paper’, etc., could manage to take control of the client PC. It’s one thing for a document to hide a Trojan horse program that could possibly take control of a printer’s operating system – it’s another for a printer to take control of a client system…

    I’d view such a takeover event as analogous to a person falling under the spell of his wristwatch…

    However, perhaps there’s some method I’m overlooking…

7. toohardforscience 7:27 pm 11/27/2012

    By using the magic power of Google to look up Ang Cui — or by using the links to his papers provided in the online article I refer to in this post — it took me about 5 seconds to find his Web site, with links to his papers.

    http://ids.cs.columbia.edu/users/ang

    Have to now head out to vacation in Turkey!

8. jtdwyer 10:17 am 11/28/2012

    I’m not interested.

9. bucketofsquid 5:24 pm 11/29/2012

    Interesting link toohardforscience. I found it quite interesting how the printer can force a download of 7M of naughty bits by a PC or Mac. I’m just curious if it does the same for tablets or smart phones.

10. jtdwyer 7:08 am 12/2/2012

    OK – I visited the URL supplied by toohardforscience and found absolutely no support for the assertion that printers could take control of PCs, as stated in the third paragraph of this article:
    “… scientists at Columbia earlier showed they could fairly easily to hack into these embedded computers and use them as backdoors to infiltrate personal computers.”

    I did find where some specific printers in networks with specific access characteristics could be attacked to cause printer dysfunction and even physical damage. That is a far cry from the claim that I was questioning – that printers could take control of PCs.

    If any brilliant scientist can produce a specific reference explaining how printers could take control of PCs I’d be most interested. Otherwise, I must conclude that some gullible or uninformed analysts, journalists and readers are being deceived by themselves or others, intentionally or not.

11. Charles Q. Choi in reply to Charles Q. Choi 5:55 pm 12/10/2012

    Returned from vacation. @JTDwyer: since you seem to still not understand how a printer can be used by an intruder to hack a connected computer, try looking at this paper: http://ids.cs.columbia.edu/sites/default/files/ndss-2013.pdf

    Honestly, I’m not quite sure you’ll understand the paper, since your comments seem to suggest that you don’t understand what a backdoor is. The printer serves as a backdoor, as I wrote — the intruder takes control of the PC through the printer; the printer does not “take control” of the PC.
