Time
2 hours 52 minutes
Difficulty
Intermediate
CEU/CPE
3

Video Transcription

00:00
Welcome back to the Printing Security Intermediate Course. In this video, I'm going to talk about protection against firmware upgrade attacks. So I will talk about how to prevent firmware attacks on your printing devices.
00:13
So it is the most difficult hack in the printer hacking world. Why?
00:19
Because it requires deep knowledge of printing device architecture. And I'm not talking about the hardware.
00:26
I'm talking about the firmware, how the firmware is written. So it essentially requires knowledge about the special, vendor-specific things that are
00:42
embedded there. So, technologies and knowledge that are embedded in the firmware, or the BIOS, of the device.
00:50
It usually requires physical access to the device,
00:54
because if you allow the device to be updated by USB,
01:02
then you have the
01:04
way to make this happen. So, if you're, for example, pretending to be somebody on the cleaning crew in the company, in the late hours you can just disconnect that device from the network, turn it on, do the update,
01:23
and then turn it off, put the network back in,
01:26
or just leave it in sleep mode, put the network back in, and nobody will know you did it. If it's not
01:37
allowed to do the USB update of the firmware, anybody who has the knowledge can still do a cold reset of the device and do these things. So if they have physical access to the device,
01:53
they're pretty much able to do anything that, for example, any service technician can do, if they have the knowledge. So the problem in these cases is that you have to at least have some kind of monitoring that will tell you
02:07
that something has happened with the device. In terms of the BIOS update, you usually don't know these things,
02:15
because they will leave the version the same. So you won't be able to see that with the monitoring, with fleet monitoring software. But if they reset the device, then it will return to defaults. And in the morning
02:29
you will know that this device is no longer on the network, so you can then
02:32
pay special attention to it.
02:35
Of course, this can be done remotely.
02:38
But in that case,
02:40
somebody who is doing it has already entered your network illegally,
02:46
and then maybe they need the printing device so that they will have a stealth look into your network, but in this case, they can pretty much do anything anyway. So, yes, it can be done remotely, but it's not very likely that somebody will do that.
03:01
So what do you need to protect against firmware upgrades? So the first step is to disable firmware upgrade from USB.
03:08
Then, if the device has this option, define a list of locations from which firmware upgrade is possible, which is called whitelisting. So you define that it can update the firmware only from, it can be done only from, your server, where you keep the latest firmware versions.
03:28
So, for example,
03:30
you have taken the device to be repaired. The formatter board or rendering board has been replaced, it's back,
03:38
and maybe the version on that formatter board, because it was sitting in a service depot for
03:44
nine months or a year, which happens,
03:46
then it's not the latest firmware. So you have to do that immediately, so you have to check, you have to update it, and then you do it. You have to first set up everything, then you do the firmware upgrade, and then you do all the other settings.
04:03
If somebody has
04:05
installed malicious firmware, BIOS, in a device, when you do the upgrade you will pretty much be sure that you have erased it, because these things go away, because the entire firmware is upgraded.
04:24
If your device
04:26
has a firmware integrity check,
04:29
then you should perform a daily remote power cycle on all such devices. What does it mean?
04:34
That means that if your device can detect on boot if the firmware is okay, and it's usually done by keeping a golden copy of the firmware somewhere else on the device,
04:46
then when you reset,
04:48
these things usually get rewritten. So if somebody has done a firmware upgrade with malicious firmware, BIOS,
04:58
and you do the power cycle, you will probably delete these things. And you can do the power cycle remotely. You can even schedule it.
05:08
So, next to firmware upgrade, there is the malicious app,
05:15
and what you do is to constantly monitor all apps on all devices. So again, fleet management software.
05:20
And when you look at the page, whatever the term is, which is pretty much the standard thing for these,
05:28
you can see a list of the apps on every device. So you can monitor this, and if something appears that is not supposed to be there, it's time to react.
05:38
I haven't seen so far somebody being able to create a malicious app, install it on the device and keep it hidden from fleet management software. So these things
05:51
are very difficult to hide. This is not a Windows operating system running there. You cannot hide a virus. This is not a virus; this is a regular app that sits in a certain portion of the device's memory,
06:05
and it can be detected.
06:09
Also, you can restrict app installation. So once you have set up your fleet, these applications are plug-ins. They don't get installed, you don't need to install them, on a regular basis. This is happening only if you're changing something drastically in your printing setup configuration.
06:26
So if you install everything and everything is there, then on the device you restrict app installation. So you set that they cannot be installed.
06:33
Then you're pretty much safe from a malicious app attack, even if somebody has physical access to the device.
06:43
So that's all about the malicious app attack and the firmware attack. So let's summarize quickly and check up.
06:51
What is the easy way to perform a firmware upgrade attack? Is it from fleet management software? Is it through the embedded web server? Or is it using a USB flash?
07:01
And the correct answer is
07:04
using USB flash. This is the simplest way to do these things. Even if you have switched off the
07:12
capability of doing firmware upgrade from USB on the device, you can do the cold reset, which returns the device to factory default settings, and then you can do it.
07:24
Or even if the factory default setting is that you cannot do a USB flash update on the device, if
07:32
you can, if you can really reset the device to factory settings and there is no password, then you can enable it. So
07:43
this is the simplest and easiest way to do a firmware upgrade on a device if you're doing something malicious.
07:51
So this is the end of the module regarding different kinds of attacks pointed at printing devices and how to protect yourself against them,
08:03
and in this particular video, or lesson, I have been talking about how to protect yourself against somebody trying to do malicious firmware attacks or to install firmware that contains malicious code.
08:16
In the next lesson, I'm going to just do a recap of the entire course.

Intermediate Printing Security

The Intermediate Printing Security course is intended for IT and cybersecurity professionals that want to learn how to secure print devices.

Instructed By

Milan Cetic
IT Security Consultant
Instructor