If you think being nestled in your high-rise office many stories above the madding crowd will keep your wireless printers and confidential documents safe, you may need to rethink your skyscraper-centric security strategy.
In October, researchers in Singapore showed how hackers armed with a cell phone and a garden-variety drone — the kind every kid is hoping to get this Christmas — can steal documents from Wi-Fi printers located 30 floors above the street.
Time for channel partners to raise their game
The demonstration puts an exclamation point on something we’ve been saying for months: In this era of heightened security concerns and increasing regulatory compliance issues, print-specialist partners need to raise their game to protect their clients’ systems, data, and sensitive documents.
Maybe the most frightening thing about the drone hack of the wireless printers is that it isn’t terribly complicated or difficult to pull off. The researchers from iTrust, a research center at the Singapore University of Technology and Design, used a custom app on a Samsung smartphone to scan for open Wi-Fi printers, identify devices and owners by SSID, and establish a bogus access point that mimics the printer and tricks computers on the network into submitting documents to it.
Any computer inside the attack zone will opt to connect to the fake printer over the real one, the researchers claim. The intercepted document gets shipped to the attacker’s Dropbox account via the smartphone connection. Adding insult to injury, the document is then sent to the office’s real printer so the victim gets their hard copy and can’t tell they’ve been hacked.
Because the smartphone needs to be in Wi-Fi range to make the hack work, researchers simply attached the mobile device to a drone and flew it up alongside the building until it found sufficient signal to connect. The effective range of the hack is about 30 meters.
Watch how the attack works
