When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printers models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years and one may raise the question if new printers share the same weaknesses.
35 year old
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:
35 year old bugs features
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:- Capture print jobs of other users if they used PostScript as a printer driver; This is done by first infecting the device with PostScript code
- Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
- List, read from and write to files on the printers file system with PostScript as well as PJL functions; limited to certain directories
- Recover passwords for PostScript and PJL credentials; This is not an attack per se but the implementation makes brute-force rather easy
- Launch denial of Service attacks of various kinds:
- PostScript based infinite loops
- PostScript showpage redefinition
- Disable jobmedia with proprietary PJL
- Set the device to offline mode with PJL
Now exploitable from the web
All attacks can be carried out by anyone who can print, which includes:- Web attacker:
- A malicious website that uses XSP
- Network access:
- Wireless access:
- Apple Air Print (enabled by default)
- Cloud access:
- Google Cloud Print (disabled by default)
- Physical access:
- Printing via USB cable or USB drive
- Potentially NFC printing (haven't tested)
Conclusion: Christian Slater is right
PostScript and PJL based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers however are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually the WWW did not even exist, when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf" like scenarios can get very real in your office…Related links
- Wifi Hacker Tools For Windows
- Pentest Tools Website
- Tools Used For Hacking
- How To Hack
- World No 1 Hacker Software
- Pentest Tools Apk
- Bluetooth Hacking Tools Kali
- Top Pentest Tools
- Hacks And Tools
- Hack Website Online Tool
- Hacker Hardware Tools
- How To Hack
- Hacking Tools For Windows Free Download
- Pentest Tools Alternative
- Hacking Tools Name
- Physical Pentest Tools
- Hackrf Tools
- Pentest Tools Kali Linux
- Computer Hacker
- Hacker Tools List
- Pentest Tools Windows
- Hacker Techniques Tools And Incident Handling
- Game Hacking
- Computer Hacker
- Hacker Tools For Ios
- Hak5 Tools
- Hack Tools Online
- Pentest Tools Linux
- Pentest Tools For Mac
- Pentest Tools
- Android Hack Tools Github
- Hacker Tools 2019
- Pentest Reporting Tools
- Pentest Recon Tools
- What Are Hacking Tools
- Hacking App
- Hacking Tools For Kali Linux
- Pentest Tools Bluekeep
- Hacker Tools Free
- Ethical Hacker Tools
- Pentest Tools Windows
- How To Make Hacking Tools
- Pentest Tools List
- Hacking Apps
- Hacking Tools Name
- Hacker Hardware Tools
- Hacker Tools Linux
- Termux Hacking Tools 2019
- Growth Hacker Tools
- Pentest Recon Tools
- Hacking Tools Mac
- Pentest Reporting Tools
- Pentest Tools Website
- Free Pentest Tools For Windows
- Pentest Recon Tools
- Hacker Tools Mac
- Pentest Tools Url Fuzzer
- Hacking Tools For Windows Free Download
- Pentest Tools Github
- Hacker Tools Free
- Hack Tools Pc
- Best Pentesting Tools 2018
- Hackrf Tools
- Hacker Tools Hardware
- Hacking Tools Windows 10
- Bluetooth Hacking Tools Kali
- Hack Rom Tools
- Hacker Tools 2019
- Pentest Tools Open Source
- Tools Used For Hacking
- Hacker Tools Github
- Pentest Tools Framework
- Hacking Tools For Mac
- Usb Pentest Tools
- Pentest Tools Find Subdomains
- Hacker Tools Apk Download
- Hacker Tools Windows
- Hacker Tools 2020
- Hacker Tools Github
- Pentest Tools Nmap
- Hackrf Tools
- Hack Tool Apk No Root
- World No 1 Hacker Software
- Hacking Tools For Windows 7
- Tools For Hacker
- Pentest Tools Linux
- What Is Hacking Tools
- Hacker Tools For Windows
- Hacking Tools For Windows 7
- Hacking Tools For Windows Free Download
- Hacker Techniques Tools And Incident Handling
- Best Pentesting Tools 2018
- Pentest Tools Windows
- Hacking Tools For Games
- Hacker Tools Mac
- Pentest Tools Nmap
- Hacking Tools For Windows
- Pentest Tools For Mac
- Hacker Tool Kit
- Hack Tools For Pc
- Hacker Techniques Tools And Incident Handling
- Hacker Tools Free
- Android Hack Tools Github
- Hacker Tools Apk
- Hacker Tools For Windows
- Hacker Tools Apk
- Beginner Hacker Tools
- Hacking Tools Free Download
- Pentest Tools Find Subdomains
- Pentest Tools Kali Linux
- Hacking Tools Mac
- Hacker Tools For Ios
- Hacking Tools Software
- Pentest Tools Open Source
- Hacking Tools Software
- Physical Pentest Tools
- Hacking Tools Mac
- Ethical Hacker Tools
- Hack Tool Apk No Root
- Hacker Tool Kit
- Pentest Tools Kali Linux
- Pentest Tools Url Fuzzer
- Hackers Toolbox
- Nsa Hack Tools Download
- Hacks And Tools
- Easy Hack Tools
- Hacker
- Hacker Tools List
- Wifi Hacker Tools For Windows
- Github Hacking Tools
- Hacker Tools Github
- Hacking Tools Name
- How To Hack
- Free Pentest Tools For Windows
- Hacking Tools Windows 10
- Hack Tools For Games
- Hack Tools Mac
- Android Hack Tools Github
- Nsa Hacker Tools
- Pentest Tools Online
- Wifi Hacker Tools For Windows
- New Hacker Tools
- Hack Tools For Ubuntu
- Hacker Tools Apk
Nenhum comentário:
Postar um comentário