A senior security consultant at Coalfire, Dan McInerney, published a three-part blog where he talks about the threats that modern-day IoT devices pose through an experiment. The experiment exposes the possibility of physical harm that the exploitation of these devices can cause even remotely. Such devices contain heating elements that can be weaponized by the attackers for inducing fires and explosions.
A Flashforge Finder printer has been picked up for the purpose of the study, considering it a cheap and common variant used by most non-technical people, including kids, who are unaware of any consequences that may arise if their device is exploited. Flashforge is a 3D printer in which wifi is enabled by default and allows updates over the network.
How it works
Usually, devices like printers have a temperature constraint (240 degrees celsius for this particular printer) over their heating element. However, it can be removed using remote engineering techniques, which has been illustrated using the NSA’s Ghidra in the second part of the blog along with the patching techniques. The modern-day printers have the capability to get connected to the internet, which may be found via the Shodan search engine and flashed with fire-inducing firmware from anywhere in the world.
For creating fire, the attacker will first gain access to a wifi network with flash forge on it. Then he will ARP spoof the printer using bettercap, and then DNS spoof the address of the public firmware depository using bettercap. He will then host malicious firmware at the spoofed address and wait for the owner to update their firmware or will do it himself with physical access.
The experimentalists observed that initially, the temperature was not rising more than 261 degrees celsius, which was because of some security features. However, in the third part of the experiment, the team at Coalfire tried to raise the temperature to 455-degree celsius. They succeeded in and found that the temperature was not rising because of the 24 V power cable. When it was replaced with a high-rated cable, the temperature started rising.
The device started sputtering and spitting molten plastic out of the nozzle. The base platform was moved up into the nozzle, and the device started exhibiting chemicals that were likely to affect the people in a 6-feet radar of the device. The burn test was not continued further; given the horrendous implications, it could have based on an earlier reported incident.
The demonstration clearly indicated that a mere hacking of the firmware and rising the temperature can have far-reaching consequences. The experiment made a clear distinction about the threats that modern-day IoT devices bring to our homes. The report concluded that one of the ways to deal with the threat could be by following the example of Laserjet printers, which include the physical thermal breakers that shut down the printer at a specific temperature. Physical Security features could not be overcome just by software updates.