An embedded-system exploit would likely be an inside job, performed by an employee or by someone posing as a service technician, O'Connor states. "A toolbelt, a laptop, and a phony work order will get you into most organizations. 'I'm here to fix the copier' is a statement that no one will question." Attackers could also get access to printers by querying the LAN controller, doing a search for printer ports, or simply walking up to a printer and printing the configuration page.
What can enterprises do to prevent this type of attack? "The short answer is that you're pretty much screwed," O'Connor says. "Longer-term, users need to put pressure on vendors to take these types of vulnerabilities more seriously."
— Tim Wilson, Site Editor
No comments:
Post a Comment