On Fri, Feb 16, 2024 at 1:49 PM Michael Sweet <msweet at msweet.org> wrote:
> > 2. This specifically talks about IPP-USB. A lot of printers
> > broadcast some kind of initial setup SSID when they're first plugged
> > in. Does it make sense to allow this mechanism when connected to that
> > SSID as well? This would be an improvement in convenience for the
> > user, especially in cases where they might not be planning to put the
> > printer within USB range of a computer.
> >
> > Obviously it's not as secure as being physically plugged into the
> > printer, but in most home networks, the window where an attacker is
> > going to come connect a new printer to a rogue network is going to be
> > small. Since that SSID is specifically used for setting up the
> > printer, an attacker could potentially just connect to it and set up
> > the printer anyway.
> >
> > Does this deserve some discussion in the document, either as a
> > possible implementation or as a reason why it's a bad idea?
>> Probably worth discussing. FWIW, such usage would be trivial to exploit, from a distance, through walls, etc. With proper authentication it would be fine, just not without some access control.
Agreed that it's trivial to exploit, but a printer broadcasting an
open setup SSID is already trivial to exploit. If I'm within WiFi
range and could push these IPP attributes to the printer, I could also
just use the manufacturer's official app to set up the printer, change
the password to something the owner doesn't know, etc. The printers
I've played with have mitigations like turning off the setup SSID
after a few minutes; those precautions would seem to apply here as
well.
Thanks,
Benjamin