Corporate offices often have centralized printers connected to their wired network for shared printing. That can sometimes be inconvenient, so what’s a good assistant to do? Run out to the local office supply store to pick up an inexpensive desktop printer. These printers usually have wifi built in and turned on by default.

When sweeping corporate offices we regularly find such printers while performing our network inspection. The wifi is usually unsecured and open for anyone to log into. If the staff (or executives) are using the wifi for their local printing, they may then be opening themselves up to hacking and spoofing as described in the Wired article below. We’ve even found executives bringing in their wifi printer from home just for the convenience.

The researchers in the article used a drone to reach the upper floors of an office building, but a disgruntled or overzealous employee could perform the same hacks just by being in a cubicle or office nearby, perhaps even on the floor below. The video even shows them using a modified robotic vacuum for their attack.

from Wired.com: Hacking Wireless Printers With Phones on Drones

YOU MIGHT THINK that working on a secured floor in a 30-story office tower puts you out of reach of Wi-Fi hackers out to steal your confidential documents.

But researchers in Singapore have demonstrated how attackers using a drone plus a mobile phone could easily intercept documents sent to a seemingly inaccessible Wi-Fi printer. The method they devised is actually intended to help organizations determine cheaply and easily if they have vulnerable open Wi-Fi devices that can be accessed from the sky. But the same technique could also be used by corporate spies intent on economic espionage.

 

The drone is simply the transport used to ferry a mobile phone that contains two different apps the researchers designed. One, which they call Cybersecurity Patrol, detects open Wi-Fi printers and can be used for defensive purposes to uncover vulnerable devices and notify organizations that they’re open to attack. The second app performs the same detection activity, but for purposes of attack. Once it detects an open wireless printer, the app uses the phone to establish a fake access point that mimics the printer and intercept documents intended for the real device.

“In Singapore … there are many skyscrapers, and it would be very difficult to get to the 30th floor with your notebook [if there is no] physical access,” says Yuval Elovici, head of iTrust, a cybersecurity research center at the Singapore University of Technology and Design. “A drone can do it easily. This is the main point of the research, closing the physical gap with [a] drone in order to launch the attack or scan easily all the organization [for vulnerable devices].”

Student researchers Jinghui Toh and Hatib Muhammad developed the method under the guidance of Elovici as part of a government-sponsored cybersecurity defense project. They focused on wireless printers as their target because they say these are often an overlooked weak spot in offices. Many Wi-Fi printers come with the Wi-Fi connection open by default, and companies forget that this can be a method for outsiders to steal data.

Standard drone equipped with smart phone for wifi detection.

For their demo they use a standard drone from the Chinese firm DJI and a Samsung phone. Their smartphone app searches for open printer SSIDs and company SSIDs. From the SSIDs, the app can identify the name of the company they’re scanning as well as the printer model. It then poses as the printer and forces any nearby computers to connect to it instead of the real printer. Once a document is intercepted, which takes just seconds, the app can send it to an attacker’s Dropbox account using the phone’s 3G or 4G connection, and also send it on to the real printer so a victim wouldn’t know the document had been intercepted.

CyberPatrol modified vacuum, detecting open WiFi printers

[Read more at Wired.com]
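
The defensive side of the technique above, finding open printer radios by their SSIDs during a sweep, can be sketched as a small audit script. This is an added example, not code from the researchers or from Wired; the SSID prefixes, the `nmcli` terse input layout, the function names and the sample scan rows are assumptions constructed for illustration.

```python
import re

# Assumption: SSID prefixes often seen on factory-default printer radios; extend for your fleet.
PRINTER_SSID = re.compile(r"^(DIRECT-[0-9A-Za-z]{2}-|HP-Print-|HP-Setup|EPSON)", re.I)

# Constructed sample in the terse layout of `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL device wifi list`
# (fields separated by ':', literal colons inside a field escaped with a backslash).
SAMPLE_SCAN = r"""
CorpNet:02\:00\:00\:00\:00\:01:WPA2 802.1X:71
HP-Print-4A-Officejet:02\:00\:00\:00\:00\:02::88
DIRECT-7C-HP ENVY:02\:00\:00\:00\:00\:03:WPA2:54
EPSON1A2B3C:02\:00\:00\:00\:00\:04:--:40
Guest:02\:00\:00\:00\:00\:05::62
HP-Print-9F-LaserJet:02\:00\:00\:00\:00\:06::35
"""

def split_terse(line):
    # Split on unescaped ':' and drop the backslash from escaped characters.
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if line[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))
    return fields

def find_printer_radios(scan_text, approved_bssids=()):
    """Return (severity, ssid, bssid, signal) for printer-like SSIDs, worst first."""
    approved = {b.upper() for b in approved_bssids}
    findings = []
    for line in scan_text.strip().splitlines():
        fields = split_terse(line)
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # malformed row
        ssid, bssid, security, signal = fields
        if not PRINTER_SSID.search(ssid):
            continue
        if security.strip() in ("", "--"):
            findings.append(("high", ssid, bssid, int(signal)))    # open radio: always report
        elif bssid.upper() not in approved:
            findings.append(("medium", ssid, bssid, int(signal)))  # encrypted, not inventoried
    # High severity first, then strongest signal (likely the nearest device) first.
    return sorted(findings, key=lambda f: (f[0] != "high", -f[3]))
```

Open printer radios are reported even when their BSSID is on the approved list, since an inventoried printer with open wifi is still exposed; the list only suppresses encrypted radios that are already known.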