Posts posted by mahohmei

  1. I'm the sysadmin for a university academic department, and I have a user who is receiving confidential information from the federal government.

    The terms of the contract are that the data must be worked on with a standalone PC that has the NIC disabled in the BIOS, and the data must be stored encrypted. No problem; this is all easy. The user may export data to CD or print it for use, but must shred the CD or paper when finished. No problem.

    She'd also like to be able to print documents. Again, no problem...printer connected via USB.

    The office housing this standalone PC has a network printer in it. When one prints from the network-connected PC in that room, they just use IP printing.

    I'm eyeing the unused USB port on the printer. If I were to connect the printer's USB port to the standalone PC, and the printer is connected to the network at large, I would be technically satisfying the contract, but there would not be a true airgap.

    Has anyone out there ever heard of a successful attack on a PC being carried by network <-Ethernet-> network printer <-USB-> standalone PC? I'm conceptually thinking about someone flashing the printer's firmware to turn the printer into a USB rubber ducky or USB docking station.

    I'm assuming here that the attacker would not have physical access to the printer.

    Thanks!

  2. I just watched Episode 1107, and I believe I heard Darren mention that there is a burglar alarm with an HTTP interface that he was able to defeat.

    What brand alarm is this? I'd love to take a look at this system.

    Honeywell's popular Ademco burglar alarm control panels can be monitored via POTS, GSM, or IP. One of their control panels (VISTA-21iP) has an Ethernet port on the board itself, and add-on communicators are available for other models of panel. IIRC, these Ethernet interfaces are strictly for communications with Honeywell AlarmNet (they don't want to cut off _that_ cash cow), and not for the end-user or installer to program or maintain the panel. Even Honeywell's "keypad on your smartphone" service relays through AlarmNet servers instead of talking directly to your control panel via a forwarded port.

    It would be interesting to look into whether the POTS, GSM, or IP interfaces on an Ademco panel can be used to defeat monitoring without the central station finding out, disarm the system, or merely prevent it from going into alarm during a burglary. POTS is most likely out of the question, since if the panel doesn't even pick up the phone...you're kinda stuck.
