Entire business processes are dependent on bar codes, but hackers can exploit that code to access relatively easily to the underlying computer systems. With a code, called Badbarcode, hackers are able to access with barcode scanners and barcode engineered a shell window on a host computer in order to execute commands.
The hack was demonstrated during the past week PanSec 2015 conference in Tokyo. "Badbarcode the host system can basically execute any command," warns one of the researchers on the Tencent's Xuanwu Lab Threat Post.
The hack works because many barcode not only consist of numeric and alphanumeric characters, but sometimes out of ASCII characters. Barcode scanners are essentially keyboard emulators and if they Code128 protocol support, an attacker can create a bar code that is read and opens up a shell on the computer. Performing the hack is therefore relatively easy, according to the researchers. A matter of generating some engineered barcodes and print them on paper.
The hack would be serious because it is not limited to a specific product. Several major manufacturers of barcode scanners like Esky, Symbol and Honeywell, make products that can be abused with it. The abuse by Badbarcode is preventable if manufacturers of barcode scanners additional functions, which are independent of the main protocol, default off. Would ASCII control characters should not be by default sent to the host.
No comments:
Post a Comment