Identifying and Protecting Yourself from the ‘Funtenna’ Exploit
When you think of endpoint devices, you immediately picture desktop computers, laptops, smartphones and tablets. It’s easy to forget that network-connected printers are, in fact, primary endpoints that require appropriate network security. As printer capabilities increase, they become even more accessible, creating new vulnerabilities where bad actors can hijack your sensitive data.
From 2006 to 2016, the average organizational cost of business security breaches in the United States amounted to 7.01 million U.S. dollars. As depicted in the chart below, the likelihood of enterprises experiencing a breach has increased over the past 3 years, showing no signs of slowing down.
Part of the problem is that only 38 percent of companies have sustained practices to detect and prevent actual risks. Even more so, a recent survey conducted by Spiceworks, reveals that only 18 percent of IT professionals don’t even consider printers to be a medium or high risk for malware or breaches. In reality, printers are a gateway for threats such as Funtenna.
How does Funtenna work?
Funtenna was developed by Ang Cui of Red Balloon Security calling on the roots of radio-based espionage employed in the Cold War. The exploit was introduced at the Black Hat Conference in 2015. It only takes seven lines of code to transform a laser printer into a backchannel radio device that transmits data without using the company’s Wi-Fi or Bluetooth infrastructure. Using the UART output with a 10-foot cable enabled the hacker to transmit data in a virtually undetectable fashion from inside a building with concrete walls to a receiver on the outside.
Cui noted at the conference that the same kind of exploit could be launched from ‘internet of things’ devices, from your HVAC to your automated lights to your IoT-connected fridge.
How Do You Protect Your Business from Funtenna?
Simply put, the range and scope of Funtenna make it functionally impossible to track on a proactive basis. So how can you protect yourself? Cui makes it clear that the only real defense against Funtenna is for every single Internet-connected device to carry on-board security. When you evaluate IoT devices for your business (and your home) make sure to ask about or research embedded security.
When it comes to business printers, HP has you covered. HP LaserJet and PageWide Enterprise Printers have impressive built-in security to combat an array of exploits, making them the world’s most secure business printers¹.
- HP Sure Start validates the integrity of the BIOS code. If the BIOS code has been changed or compromised, the printer reboots with the last good ‘golden’ copy of the BIOS.
- Whitelisting compares the firmware of the printer during startup to a list of known-good firmware that’s been digitally signed by HP.
- Run-time intrusion detection monitors complex firmware and memory operations, rebooting the printer if any anomalies are detected.
These features deliver the industry’s deepest printer security1—and the best way to protect your data from malicious exploits like Funtenna. This is not a problem that’s going away, either. More recently, a hacker exploited a vulnerability that found many printers exposed to the internet through port 9100. He then used that exposure to print anti-Semitic fliers to workplaces and homes across North America using a simple Bash script.
Printers are endpoints that need to be secured. Learn more about how you can combat data threats by reading this e-book, your guide to successfully protecting your printer fleet.
¹Based on HP review of 2015 published embedded security features of competitive in-class printers. Only HP offers a combination of security features for integrity checking down to the BIOS with self-healing capabilities. A FutureSmart service pack update may be required to activate security features on the HP LaserJet M527, M506, M577. Some features will be made available as a HP FutureSmart service pack update on select existing enterprise printer models. For a list of compatible products see hp.com/go/LJcompatibility. For more information visit: www.hp.com/go/LJsecurityclaims