14 DAY TRIAL // Researchers in Singapore have developed a unique setup consisting of a drone (or vacuum) that carries a smartphone running two special apps that can find insecure WiFi-connected printers, and then warn (or hack) the owner via an email or a printed message.
The country of Singapore is nothing more than a single city on an island in South-East Asia. Because of space limitations, most of the office buildings in the city are skyscrapers.
This means that there are a lot of companies bunched up together in these buildings, so a weak link in security policies can be easily exploited by hackers at the same time on different targets.
One such weak link is the humble printer, which in recent years has moved from being connected via hard lines to working predominantly via WiFi connections, that in most cases are not protected or encrypted in any way.
This is the basic concept on which students Jinghui Toh and Hatib Muhammad, led by Professor Yuval Elovici, have created the Cyber Security Patrol project.
Using drones and vacuums to find insecure printers, for good or evil
This project, as described above, consists of a drone fitted with a smartphone that can fly inside a building, or outside it, and scan for WiFi printers.
Once a printer is found with an open connection which allows the smartphone running a mobile app to intercept printing orders, the phone will take a picture of the printer (if possible), or the location where the printer was detected, and send it to a desired email address.
The smartphone can optionally send the printer a preformatted message, which the device will print out, informing the company that the particular printer is improperly configured.
If flying a drone is not an option, companies can deploy this scanning technology on any self-navigating device. The researchers tested this same setup also using a self-guided vacuum.
The smartphone does not necessarily need to be in a drone, attackers can carry it in their pockets
All good and dandy, if you're using the researcher's "Cybersecurity Patrol" app, which is like the Light side of the Force. If you like the Dark side better, the researchers have also created a second app, which instead of alerting printer owners of exposed printers, will intercept print orders, and then send them via a 3G/4G connection to a desired Dropbox account.
This app can be used to disrupt a company's normal operations by completely intercepting print orders, but if attackers want to cover their tracks, the app can also send the print instructions to the printing device, although after some delay, needed to relay the data via the drone.
Of course, you don't have to necessarily hide the smartphone in a drone or a vacuum. An attacker could easily walk around a company's offices with a smartphone in his pocket.
This project is the work of iTrust, a Center for Research in Cyber Security at the Singapore University of Technology and Design. A proof-of-concept video can be viewed below:
