At Black Hat MEA 2022, Wesam Alzahir (Software Engineer at CloudApps) showed us how he reverse engineered thermal printers to identify vulnerabilities that could affect the security of a retailer or its customers.
Thermal printers are small, cashier-side printers that are often used by restaurant businesses to print customer receipts, and to print customer orders in restaurant kitchens – which kitchen staff then use to keep track of the food they need to prepare.
Thermal printers aren’t an obvious target for a cyber attack. But Alzahir discovered various inconsistencies in how these printers work, and a prevalence of issues including difficulties connecting printers to other devices; connection holding; and buffering. So he decided to use a reverse engineering process to understand how they work – and how they could be breached.
Moving through a process that began with static research (gathering information about the devices from the manufacturer and online) and then shifted into dynamic reverse engineering, Alzahir identified command protocols and functions, and tested them to understand how and when they were mis-implemented.
He then identified a number of possible attacks that could exploit vulnerabilities in thermal printers. Attackers could
And all of these possible attacks could cause damage to the reputation of a business, as well as loss of earnings through lost orders or customer compensation.
Once he’d identified these threat types, Alzahir took this a step further and conducted attack experiments on seven restaurants – and his attacks worked on all but one of the targets.
The knowledge gained through Alzahir’s process provided a new understanding of the risks involved in thermal printer use. And when you understand problems and risks, you can develop solutions to improve security.
From a restaurant point of view, for example, managers might opt for a digital dispatching solution instead of thermal printers. And at the level of printer manufacturers, there’s scope for improving security within the design and manufacturing process – which, by extension, would increase trust in their products.
Reverse engineering means looking at a product from the outside in to investigate vulnerabilities and develop potential solutions. And Alzahir’s work on thermal printers is an example of the usefulness of this kind of security research: it relies on technological skill and the power of curiosity to gain a greater understanding of an organisation’s complete threat landscape, including seemingly innocuous hardware that many of us take for granted as safe.