Wendy is not an alarmist sort of person, and she has me scared. In Printers on Fire, she tells the tale of Columbia computer science professor Sal Stolfo and PhD student Ang Cui, who have figured out how to hack routers and set printers on fire by printing a suitably doctored c.v.
There’s an employment-related joke in there somewhere, I’m sure, but I’m still stuck on this part:
“In every LAN there are enormous numbers of embedded systems in every machine that can be penetrated for various purposes,” says Cui.
“We turned off the motor and turned up the fuser to maximum.” Result: browned paper and…smoke.
How? By embedding a firmware update in an apparently innocuous print job. This approach is familiar: embedding programs where they’re not expected is a vector for viruses in Word and PDFs.
“We can actually modify the firmware of the printer as part of a legitimate document. It renders correctly, and at the end of the job there’s a firmware update.”
Moral of the story: print more at work?