Reverse engineering hardware: What’s the point?

At Black Hat MEA 2022, Wesam Alzahir (Software Engineer at CloudApps) showed us how he reverse engineered thermal printers to identify vulnerabilities that could affect the security of a retailer or its customers.

Thermal printers are small, cashier-side printers that are often used by restaurant businesses to print customer receipts, and to print customer orders in restaurant kitchens – which kitchen staff then use to keep track of the food they need to prepare.

Thermal printers aren’t an obvious target for a cyber attack. But Alzahir discovered various inconsistencies in how these printers work, and a prevalence of issues including difficulties connecting printers to other devices; connection holding; and buffering. So he decided to use a reverse engineering process to understand how they work – and how they could be breached.

Static and dynamic reverse engineering

Moving through a process that began with static research (gathering information about the devices from the manufacturer and online) and then shifted into dynamic reverse engineering, Alzahir identified command protocols and functions, and tested them to understand how and when they were mis-implemented.

He then identified a number of possible attacks that could exploit vulnerabilities in thermal printers. Attackers could

• Collect data from receipts – including customer data and sales information
• Manipulate the receipts/item slips so that the orders received by kitchen stuff did not match the orders actually made by customers
• Disable receipt printing/item slip printing, leading to operations disruption

And all of these possible attacks could cause damage to the reputation of a business, as well as loss of earnings through lost orders or customer compensation.

Once he’d identified these threat types, Alzahir took this a step further and conducted attack experiments on seven restaurants – and his attacks worked on all but one of the targets.

Reverse engineering provides new knowledge and the scope for solving problems

The knowledge gained through Alzahir’s process provided a new understanding of the risks involved in thermal printer use. And when you understand problems and risks, you can develop solutions to improve security.

From a restaurant point of view, for example, managers might opt for a digital dispatching solution instead of thermal printers. And at the level of printer manufacturers, there’s scope for improving security within the design and manufacturing process – which, by extension, would increase trust in their products.

Reverse engineering means looking at a product from the outside in to investigate vulnerabilities and develop potential solutions. And Alzahir’s work on thermal printers is an example of the usefulness of this kind of security research; relying on technological skill and the power of curiosity to gain a greater understanding of an organisation’s complete threat landscape – including seemingly innocuous hardware that many of us take for granted as safe.