Drones can be used to record incredible scenes for movies, to follow thieves from above, to save lives, or to carry out home deliveries at lightning speed. The great benefit that they provide has no limit and, unfortunately, this also opens the doors to various ways to misuse them for malicious gain.
They have since been used to introduce contraband into prisons, to illegally spy, and according to a group of investigators from the Singapore University of Technology and Design, they could also be used to intercept communications between a computer and a printer from above.
This flying robot could circle above a home or office and end up being more dangerous than you could imagine. If you don’t keep an eye on your security, private documents and files that contain information such as passport numbers and addresses could end up in the hands of criminals.
To demonstrate that this threat is real and exists, the investigators equipped a drone with a smartphone and developed two apps that were designed to intercept the communications of a printer from outside of the building in which it was running.
The first of these apps, Cybersecurity Patrol, detects vulnerable printers – in fact, it can be used to detect security holes and even close them – and the second, which for obvious reasons remains secret, passes itself off as the machine. Basically, it creates a false access point and pretends to be the printer, tricking the computer into sending the files to it.
In principle, all that you need is a smartphone in order to carry out these attacks, but the drone comes into play when it comes to getting the required distance (a radius of 26 meters, at most) to trick the computer. By flying over a building at this distance, a simply drone could give cybercriminals access to your home or office network.
Beyond the drone, the investigators have also shown that it is possible to use an automatic hoover to introduce the mobile device in search of vulnerable printers.
The aim of the team from the Singapore University of Technology and Design is simply to alert businesses to the danger that an apparently inoffensive printer could pose, and that it is relatively easy for a criminal to gain access to information by using rather simple methods.
“The main point [of the research] was to develop a mechanism to try to patrol the perimeter of the organization and find open printers from outside the organization,” state the experts. “It’s dramatically cheaper than a conventional pen test.”
The study was completed as part of a project on cybersecurity that was sponsored by the Singaporean government and focused on printers because, as was agreed by all involved, they are a weak point that is often overlooked in offices. A lot of wireless printers are sold with an open Wi-Fi connection as default, and a lot of the owners later forget to change this setting, leaving them vulnerable to cybercriminals.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
