

How to turn a phone into a covert bugging device? Infect the printer - RougeFemme
http://arstechnica.com/security/2014/02/how-to-turn-a-phone-into-a-covert-bugging-device-infect-the-printer/

======
jrochkind1
How do you execute code on a printer by printing a document?

The OP, in a link that seems intended to be more info on this, is to a CVE
about an open port 9100 on printers allowing unsigned firmware updates. That
seems to be a different thing?

~~~
zimbatm
Simple. Printers support PostScript which is an executable file format. And
for some reasons some vendors like HP though it to be a good idea to add an
instruction that allows to update the firmware.

~~~
RBerenguel
An instruction through PostScript? Keep in mind PostScript is interpreted, so
adding an instruction to the interpreter to update the firmware is... Really
stupid on their side

~~~
sliverstorm
On the other hand, also super nifty. You or I could probably figure out how to
update a printer with snmp, but any idiot can update their printer if they
just have to print this or that page.

~~~
RBerenguel
Printing a direct PS file is not straightforward in most (Windows, Mac)
operating systems, since they convert it to PDF (Mac) or wonder what the hell
it is (Win, at least last time I tried). But agree, nifty... And dangerous!

------
bcohen5055
Isn't the printer vulnerability completely separate from the phone firmware
hack? Theoretically there are a number of different attack vectors that could
enable someone to update the firmware on the phone

~~~
sliverstorm
You would seem to be correct, the printer vulnerability isn't the story behind
the researcher's attack. But on the other hand, it _is_. Yes, a particular
model of phone has a vulnerability to local network devices. But which is more
interesting and important, knowing the Avaya 9608 is vulnerable, or talking
about how devices we normally think of as totally passive (non-actors if you
will) are actually attack vectors?

In other words, the researcher details a vulnerability. That's the news out of
the researcher. But to me, I'm reading an article about unusual attack
vectors, because that's the most interesting part to me.

~~~
aaronblohowiak
Like in DS9 when the evil genius hid the subspace link in the waste management
system, because nobody would search such an "unimportant" system.

