Hackers: The Target May Not Be Your Computer

A recent news story told of a Columbia University experiment that showed that hackers could attack mundane office equipment like faxes and copiers.  In the experiment, the students were able to hack into a HP printer with firmware, taking complete control of the machine.  Once done, they could access anything being printed, use the printer as a gateway to networked computers and even overload the printer to the point that it caught fire.  HP downplayed the issue, but most machines made prior to 2009 have no built-in security whatsoever.

This experiment highlights the fact that cyber and physical security programs should consider not just the obvious targets like intellectual property and information stored on computers, but any equipment that is networked.  These days “any equipment that is networked” includes not only our computers and office equipment, but also networked electronics used for physical security. Networked  sensor alarms alert us to intrusions, fires and nearly all other hazards. We use video surveillance to monitor sensitive areas and computer screens to monitor the feeds. Computers often control physical access. Badges, identification cards and other authentication methods also employ networked electronics. Even the access authorization lists administered by humans are generated using computers.

Obviously this type of equipment is vulnerable to hackers as well and one can only imagine what kind of damage a hacker could do triggering or disabling alarm systems or the ease with which they could gain physical access to key areas.

A blazing fax machine may be rather unlikely, but the fact that it could happen does serve as another reminder of the importance of converging physical and IT security practices and the disappearing line between them.

Advertisements
Hackers: The Target May Not Be Your Computer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s