Jinghui Toh, Muhammad Hatib, Omer Porzecanski, Y. Elovici
{"title":"网络安全巡逻:检测假冒易受攻击的wifi打印机","authors":"Jinghui Toh, Muhammad Hatib, Omer Porzecanski, Y. Elovici","doi":"10.1145/3019612.3019722","DOIUrl":null,"url":null,"abstract":"Many printers nowadays support Wi-Fi connectivity. Some organizations opt to disable their printer's wireless connectivity, others are not aware at all that it is enabled and some enable it in an encrypted form. In this paper we demonstrate how an application called \"pFaker\" running on a mobile device or smart watch can be used to mimic a printer's Wi-Fi connectivity and functionalities in order to harm user privacy by unobtrusively stealing print jobs. To mitigate these risks, we developed a mobile application called \"Cyber-Security Patrol\". We demonstrate how a mobile phone running Cyber-Security patrol can be placed on a drone or an autonomous vacuum cleaner to search for devices that try to mimic the printer's Wi-Fi connectivity and for printers that expose unsecured wireless connection in the target organization. Cyber-Security Patrol takes photos of the location where unauthorized Wi-Fi enabled printers were detected and sends them to the organization's administrator. For cases that the Wi-Fi enabled printer is legitimate but unsecured, Cyber Security Patrol sends a print job to the printer with detailed instructions on how to secure the specific printer model as identified based on its Service Set Identifier (SSID). A demo that demonstrates one of the use cases can be found here: https://www.youtube.com/watch?v=aJ2ZG04BrjM","PeriodicalId":20728,"journal":{"name":"Proceedings of the Symposium on Applied Computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Cyber security patrol: detecting fake and vulnerable wifi-enabled printers\",\"authors\":\"Jinghui Toh, Muhammad Hatib, Omer Porzecanski, Y. Elovici\",\"doi\":\"10.1145/3019612.3019722\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many printers nowadays support Wi-Fi connectivity. Some organizations opt to disable their printer's wireless connectivity, others are not aware at all that it is enabled and some enable it in an encrypted form. In this paper we demonstrate how an application called \\\"pFaker\\\" running on a mobile device or smart watch can be used to mimic a printer's Wi-Fi connectivity and functionalities in order to harm user privacy by unobtrusively stealing print jobs. To mitigate these risks, we developed a mobile application called \\\"Cyber-Security Patrol\\\". We demonstrate how a mobile phone running Cyber-Security patrol can be placed on a drone or an autonomous vacuum cleaner to search for devices that try to mimic the printer's Wi-Fi connectivity and for printers that expose unsecured wireless connection in the target organization. Cyber-Security Patrol takes photos of the location where unauthorized Wi-Fi enabled printers were detected and sends them to the organization's administrator. For cases that the Wi-Fi enabled printer is legitimate but unsecured, Cyber Security Patrol sends a print job to the printer with detailed instructions on how to secure the specific printer model as identified based on its Service Set Identifier (SSID). A demo that demonstrates one of the use cases can be found here: https://www.youtube.com/watch?v=aJ2ZG04BrjM\",\"PeriodicalId\":20728,\"journal\":{\"name\":\"Proceedings of the Symposium on Applied Computing\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-04-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Symposium on Applied Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3019612.3019722\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Symposium on Applied Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3019612.3019722","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cyber security patrol: detecting fake and vulnerable wifi-enabled printers
Many printers nowadays support Wi-Fi connectivity. Some organizations opt to disable their printer's wireless connectivity, others are not aware at all that it is enabled and some enable it in an encrypted form. In this paper we demonstrate how an application called "pFaker" running on a mobile device or smart watch can be used to mimic a printer's Wi-Fi connectivity and functionalities in order to harm user privacy by unobtrusively stealing print jobs. To mitigate these risks, we developed a mobile application called "Cyber-Security Patrol". We demonstrate how a mobile phone running Cyber-Security patrol can be placed on a drone or an autonomous vacuum cleaner to search for devices that try to mimic the printer's Wi-Fi connectivity and for printers that expose unsecured wireless connection in the target organization. Cyber-Security Patrol takes photos of the location where unauthorized Wi-Fi enabled printers were detected and sends them to the organization's administrator. For cases that the Wi-Fi enabled printer is legitimate but unsecured, Cyber Security Patrol sends a print job to the printer with detailed instructions on how to secure the specific printer model as identified based on its Service Set Identifier (SSID). A demo that demonstrates one of the use cases can be found here: https://www.youtube.com/watch?v=aJ2ZG04BrjM
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
