The danger of embedded Web servers


In the old days, the standard interface for a device such as a printer or a hardware board was something like an RS-232C port and a piece of text-mode software that copied bytes back and forth. Now it is an entire Web server, with incredibly greater complexity. In terms of security, the difference goes without saying. And the obvious happens:

Jul 21, 2011, Kelly Jackson Higgins, Dark Reading

Michael Sutton, vice president of security research for Zscaler Labs, at Black Hat USA 2011 next month will demonstrate his findings: Ricoh and Sharp copiers, HP scanners, and Snom voice-over-IP (VoIP) phones were the most commonly discovered devices, all accessible via the Internet. "It was pretty shocking to me: Virtually none of these should be exposed to the Internet. There's not a good reason that an HP scanner should be exposed to the Net," Sutton says.

It's a recipe for disaster: Embedded Web servers with little or no security get misconfigured when they're installed. Most likely, the potential victims are small to midsize businesses or consumers with less technical expertise who misconfigure their devices and have no idea they're showing up online. "They're taking this device, plugging it into the wall, and making a mistake on a router or access point ... and suddenly things are exposed to the Web," he says.

Sutton used Amazon EC2 computing resources to constantly scan large blocks of addresses and to detect any embedded Web servers. Sharp and Ricoh copiers digitally archive past photocopies, he notes, so if that feature is enabled and the copier is sitting on the Net unsecured, an attacker could retrieve any previously photocopied documents, he says. Even the fax-forwarding feature in some HP scanners could be abused if the scanner were open to the Internet: An attacker could access any faxed documents to the user by having them forwarded to his fax machine, for example.