Researchers Claim That HP Laser Printers Can Be Hijacked To Steal Data And Catch Fire

hp-laserprinter-security-holes

The news was abuzz yesterday with coverage of a study released by Columbia University researchers warning consumers that HP laser printers are wide open to remote tampering and hacking. The researchers claim that the vast majority of printers from HP’s LaserJet line accept firmware updates without checking for any sort of digital authentication, allowing malicious users to abuse the machines remotely. The researchers go so far as to claim that modified firmware can be used to overheat the printer’s fuser, causing fires, to send sensitive documents to criminals, and even force the printers to become part of a botnet.

Officials at HP were quick to counter the claims, stating that all models built in 2009 and beyond require firmware to be digitally signed. Additionally, they say that all of the brand’s laser printers are armed with a thermal cutoff switch which would mitigate the fuser attack vector before any real fire risk would present itself. Despite HP’s statements, the researchers stand by their claims, asserting that vulnerable printers are still available for purchase at major office supply stores.

While most external attacks can easily be prevented with the use of a firewall, the fact that these printers accept unsigned firmware is undoubtedly an interesting one. We are curious to see if these revelations inspire anyone to create their own homebrew LaserJet firmware with advanced capabilities (and low toner warning overrides), or if this all simply fizzles out after a few weeks.

Building A Heat Sealer For Anti-static Bags

[Raphaël Assénat] needed anti-static bags for some boards he is selling. He had a lot of leftovers on hand (presumably from the components he ordered to assemble these boards) and wanted to reuse them. Instead of buying a heat sealer he built his own to cut them down to size.

His build starts with a transformer to drop mains voltage down to 9 Volts. From there, you can see the two power resistors used in series to limit the current. Without these, the wire would get way too hot. Just in front of those resistors is a momentary push switch which cuts the power by default. Here we can see that [Raphaël] is using a wood block to press the bag against the wire as it heats up.

The wire itself is a piece of straightened tension spring. Apparently this spring material is a poor conductor, which is why it gets hot enough to melt the plastic bag when you run current through it.

Hacking A VS200 Food Sealer

This food sealer just wasn’t cutting it for [Tinkering Engineer], so he decided to do something about it. The issue with this sealer was that it didn’t have a mode where it could simply seal bags without pulling a vacuum on it. Going through the whole process takes a reported 40 seconds in order to evacuate the air and then seal the bag. Without pulling a vacuum, the sealing process took only 9.

After taking everything apart and looking around, a PIC microcontroller, and vacuum switch were found as well as other assorted electronics. Although the first thought was to replace the onboard PIC with an Arduino, a much simpler solution was arrived at. Two switches were added, one to disable the vacuum pump and the other to manually turn on the heater. This would allow the machine to function as originally intended or simply let bags be sealed without the vacuum function.

This hack may not be the most advanced one that we’ve ever seen, but it’s a good reminder that some projects can be done very simply if you’re willing to look around!

Puncture Resistant Bike Tires From Old Seatbelts

puncture_resistant_bike_tires

[Nicolás] often rides his bike in the city, and on more than one occasion has ended up with a flat tire. A flat tire might not sound like a big deal, but imagine if you are a few miles from your destination and running late – now your day has gone from bad to worse.

He was contemplating how he might protect his bike’s tires from being punctured by glass and other debris, when he came across some old car seat belts that used to serve as straps for various messenger bags. He pulled the tires off his bike and after removing the inner tubes, he unrolled the seat belts inside the wheels. The belts were cut to size, then the tubes were reinserted into the wheels and inflated as normal.

He hasn’t run into any glass shards just yet, but [Nicolás] is betting that the reinforced nylon mesh of the seat belts will keep his tubes safe whenever he does.

[via Make]

Diagnosing Diseases Like MacGyver

pancratitis_test

If you ever watched MacGyver as a kid, you know that given any number of random objects, he could craft the exact tool he would need to get out of a sticky situation. If he ever made his way into the medical research field, you could be sure that this test for Acute Pancreatitis would be among his list of accomplishments.

Designed by University of Texas grad student [Brian Zaccheo], the Acute Pancreatitis test seen in the image above looks as unassuming as it is effective. Crafted out of little more than foil, jello, and milk, the test takes under an hour to diagnose patients while costing less than a dollar.

The test works by checking the patient’s blood for trypsin, an enzyme present in high concentrations if they are suffering from pancreatitis. Once a few drops of the patient’s blood is placed on the gelatin layer of the test, it is left to sit for a bit, after which sodium hydroxide is added. If elevated trypsin levels are present, it will have eaten through the gelatin and milk protein, creating a pathway for the sodium hydroxide to reach the foil layer. If the foil is dissolved within an hour, a circuit is formed and a small LED lights up, indicating that the patient has acute pancreatitis.

The test really is ingenious when you think about it, and will be a huge help to doctors practicing in developing countries, under less than ideal working conditions.

[via PopSci via Gizmodo]

Researchers Discover That Cars Can Be Hacked With Music

car_dash

In 2009, [Dr. Stefan Savage] and his fellow researchers published a paper describing how they were able to take control of a car’s computer system by tapping into the CAN Bus via the OBD port. Not satisfied with having to posses physical access to a car in order to hack the computer system, they continued probing away, and found quite a few more attack vectors.

Some of the vulnerabilities seem to be pretty obvious candidates for hacking. The researchers found a way to attack the Bluetooth system in certain vechicles, as well as cellular network systems in others. Injecting malicious software into the diagnostic tools used at automotive repair shops was quite effective as well. The most interesting vulnerability they located however, was pretty unexpected.

The researchers found that some car entertainment systems were susceptible to specially-crafted MP3 files. The infected songs allowed them to inject malicious code into the system when burned to a CD and played. While this sort of virus could spread fairly easily with the popularity of P2P file sharing, it would likely be pretty useless at present.

The researchers say that while they found lots of ways in which it was possible to break into a car’s computer system, the attacks are difficult to pull off, and the likelihood that they would occur in the near future is pretty slim.

It does give food for thought however. As disparate vehicle systems become more integrated and cars become more connected via wireless technologies, who knows what will be possible? We just hope to never see the day where we are offered an anti-malware subscription with a new car purchase – at that point, we’ll just ride our bike, thanks.

[Picture courtesy of Autoblog]

‘Tis The Season To Decorate Bags With EL Wire

We hope you’ve already got parts on hand for your holiday projects because shipping might be a little slow at this time of year. But if you’ve got a bag and some unused EL wire here’s a one-day project you should try. Make yourself a Tron-inspired shoulder bag, or backpack.

On the right, [PT] is doing fantastic job of modeling with his electroluminescent offering. This is another Adafruit offering that holds your hand each step of the way from designing, to sewing, to wiring it up. This will go great with that glowing unitard he’s been working on.

[Alan Yates] has also done a spectacular job with his Tron backpack seen on the left. He picked up his EL wire on clearance at a place called “big-W” after Christmas last year. They were selling 3 meter segments (each with their own inverter) for just $3. We’re happy he got a deal and even more pleased that he found a use for it.

[Thanks Drone]