
> you probably aren't going to be hiring a team of printer firmware developers. You're just going to buy an off-the-shelf non-wifi printer, and use it offline.

In such a scenario, you're also probably never, ever going to be manually updating the printer's firmware.



But there's a reasonable chance someone evil works for the printer company and every printer sold contains this backdoor.

Or the FedEx driver who delivered it to the nuclear plant flashed a modded firmware with the same version number?

How often have you disassembled your printer firmware and given it a decent audit?


> But there's a reasonable chance someone evil works for the printer company and every printer sold contains this backdoor.

If your threat model does legitimately consider this to be a "reasonable chance", then your facility will be printer-free.


Don't forget toner has firmware in it these days ;)


Facts! But seriously, if we're talking about the realistic risks printers pose in most environments, it is not having data exfiltrated via LED signaling or other vanity supply chain injection attacks; the number one risk is by having staff not dispose of sensitive documents properly, whether it's leaving them out on their desk or just chucking them in the bin, or taking them home with them, etcetera.

Vanity attacks with branded names like this "Lasershark" sound sexy and appealing, because they invoke James Bond-style gadgetry and accompanying delusions of grandeur, but real life is decidedly more prosaic: someone is going to discover infinitely more intelligence while expending exponentially less time and energy by just good old fashioned dumpster diving than by designing and successfully implementing a novel airgap exfiltration methodology.


Agreed, this kind of thing always seems like a post-grad experiment to get grant money from the bureaucratic fear mongers. I had to sit through a symposium on quantum messaging with qubits via encrypted laser transmission. It was literally line-of-sight and required impossibly expensive field equipment....


I don’t think you have a realistic appreciation for what kind of resources are available to interested parties. I would think that the classic “Mossad or not Mossad” threat model might be a good starting point.

Air gapped networks and hardware are interesting to powerful organizations. Don’t underestimate the base for “impossibly expensive”.


A counter-example is that this style of exploit was actually used in practice to get code off the Apple iPod.


I’m not familiar with this for the iPod, but the Magic Lantern team has dumped firmware from Canon cameras by using an LED as a bit-banged serial interface.

But I don’t know how much of a realistic threat it poses, because in order to control GPIO LEDs the computer already needs to be pwned. Magic Lantern dumped firmware via LED because there wasn’t a known serial link or display driver or anything like that to make it easier.

But it’s a camera, and it’s not designed to be airtight air-gapped. Running arbitrary code is certainly discouraged, but to my knowledge Canon has never fought against consensual hacking of their cameras. (I say “consensual,” because there have been, say, Wi-Fi exploits found and patched, but that’s probably not the way a camera owner would try to get in.)

Anyway, this boils down to the definition of an air gap, because any input/output device is bridging it. A printer was mentioned, of course printing sensitive information is a bridge across the gap. And if the machine has GPIO LEDs then that’s a bridge, too. But what about a hidden camera pointing at the monitor? Frankly the monitor itself is a serious exfiltration risk across the air gap, no?

So as always in security, at some point we have to say “good enough,” and consider it as safe as can be.



