When Scanners Attack



When scanners attack, it just makes you WannaCry. So we had WannaCry, DoublePulsar, Petya: the whole EternalBlue exploit release. EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer without authentication, and without any user action, which is what lets a worm spread host to host over TCP port 445. The good news is that the SMBv1 flaw only exists in... Windows XP; Windows Server 2003; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511 and 1607; and Windows Server 2016. If that was not enough, it also exists in another operating system not often mentioned: Windows POS. POS in this case stands for "Point of Service" and not what first came to mind. Microsoft shipped the fix as MS17-010 in March 2017; the practical mitigation on anything you cannot patch is to disable SMBv1 outright and block port 445 at the segment boundary.

If you had to pick an embedded operating system, I can hardly think of a more problematic pick than one based on Windows. I talked about a coming IoT disaster in the article Woefully Unprepared, but Full Steam Ahead! That was back in 2015. The signs are all around that we are not getting the full picture: Smart Cars, Smart Manufacturing, Smart Medical Records and Smart Cities, to name a few. All cobbled together with whatever "stuff" is available, and that includes a lot of stuff designed and built under the "just barely good enough" paradigm.

Recently I was tracking down WannaCry attack traffic coming loud and strong from an IP address that I soon associated with an HP scanner. Yes, a scanner... but a scanner that runs Windows POS. I now have to worry about large format scanners. Tomorrow it will be light bulbs, door locks and the candy machine.
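The traffic that gives a WannaCry host away is the fan-out: one source trying TCP/445 on many distinct hosts in a short window, which no legitimate SMB client does. The following is an added example (not code from the original post) that runs that check over constructed flow records. The record format, the 60-second window and the ten-target threshold are assumptions; adjust them to whatever your flow collector or firewall actually emits.

```python
"""Flag hosts fanning out SMB (TCP/445) connection attempts, the spread
pattern an EternalBlue-based worm such as WannaCry produces.

Added example for this article, not code from the original post.
The flow record format ("timestamp src dst dport proto") and the
thresholds are assumptions, not a real collector's output.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample flows (not real captures):
#   10.1.2.50  hits 12 distinct hosts on 445 in 12 seconds, then 4 more
#              ten minutes later (a worm scanning the next subnet)
#   10.1.2.7   talks to one file server on 445 twenty times (normal)
#   10.1.2.8   fans out on 443 (a browser, not SMB)
SAMPLE_FLOWS = "\n".join(
    [f"2017-05-15T09:00:{i:02d} 10.1.2.50 10.1.3.{i + 1} 445 tcp" for i in range(12)]
    + [f"2017-05-15T09:00:{i:02d} 10.1.2.7 10.1.2.10 445 tcp" for i in range(20)]
    + [f"2017-05-15T09:00:{i:02d} 10.1.2.8 10.1.9.{i + 1} 443 tcp" for i in range(15)]
    + [f"2017-05-15T09:10:{i:02d} 10.1.2.50 10.1.4.{i + 1} 445 tcp" for i in range(4)]
)


def parse_flows(text):
    """Parse 'timestamp src dst dport proto' lines into tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), proto))
    return records


def smb_fanout(records, window_seconds=60, min_targets=10):
    """Return {src: max distinct TCP/445 targets seen in any sliding
    window of window_seconds} for sources reaching min_targets or more.

    Repeated connections to the same server do not raise the count, so a
    chatty but legitimate SMB client is not flagged.
    """
    by_src = defaultdict(list)
    for ts, src, dst, dport, proto in records:
        if proto == "tcp" and dport == 445:
            by_src[src].append((ts, dst))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()   # distinct dst -> hits inside the window
        left = 0
        best = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Slide the left edge forward until the window fits.
            while (ts - events[left][0]).total_seconds() > window_seconds:
                old_dst = events[left][1]
                in_window[old_dst] -= 1
                if in_window[old_dst] == 0:
                    del in_window[old_dst]
                left += 1
            best = max(best, len(in_window))
        if best >= min_targets:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, targets in sorted(smb_fanout(parse_flows(SAMPLE_FLOWS)).items()):
        print(f"{src}: {targets} distinct SMB targets within 60s - investigate")
```

On the sample data only 10.1.2.50 is reported, with 12 targets: the four hits ten minutes later fall outside the window, and the file-server client never exceeds one distinct target. Once a source is flagged, the useful next step is exactly what the article describes: resolve the address to a physical device, because it may not be a workstation at all.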

In a more recent article, How vendors empower weak security, I looked at how security is still a missing component of design and review. To those examples I can now add another. If you look at the specifications for this large format scanner, under Security Features the antivirus row of the matrix states:

"Closed systems with very low risk of being infected by a virus, so no antivirus is required"
Apparently the closed system did not get the memo, because it was infected with WannaCry (a worm, not a virus, which is precisely why "closed" does not help: it needs no user to open anything, only an exposed SMBv1 port) and was trying to infect everything it could find. A device the vendor considers too closed to need antivirus is also one that will never see the patch, so the only controls left are the network ones: put it on its own segment and keep port 445 from reaching it.