When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printers models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years and one may raise the question if new printers share the same weaknesses.
35 year old
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:
More info35 year old bugs features
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:- Capture print jobs of other users if they used PostScript as a printer driver; This is done by first infecting the device with PostScript code
- Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
- List, read from and write to files on the printers file system with PostScript as well as PJL functions; limited to certain directories
- Recover passwords for PostScript and PJL credentials; This is not an attack per se but the implementation makes brute-force rather easy
- Launch denial of Service attacks of various kinds:
- PostScript based infinite loops
- PostScript showpage redefinition
- Disable jobmedia with proprietary PJL
- Set the device to offline mode with PJL
Now exploitable from the web
All attacks can be carried out by anyone who can print, which includes:- Web attacker:
- A malicious website that uses XSP
- Network access:
- Wireless access:
- Apple Air Print (enabled by default)
- Cloud access:
- Google Cloud Print (disabled by default)
- Physical access:
- Printing via USB cable or USB drive
- Potentially NFC printing (haven't tested)
Conclusion: Christian Slater is right
PostScript and PJL based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers however are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually the WWW did not even exist, when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf" like scenarios can get very real in your office…- Game Hacking
- Android Hack Tools Github
- How To Hack
- Pentest Recon Tools
- Hacker Tools Apk
- Hacker Tools Free
- Hak5 Tools
- Hacking Tools For Beginners
- Hacker Tools List
- Hacker Tools Free Download
- Nsa Hack Tools
- How To Install Pentest Tools In Ubuntu
- Hack Tool Apk
- Hacking Tools Windows 10
- Hack Tools For Windows
- How To Hack
- New Hacker Tools
- Pentest Automation Tools
- Pentest Tools Find Subdomains
- Pentest Tools Kali Linux
- Underground Hacker Sites
- Hack Tool Apk No Root
- Hack Tools Mac
- Top Pentest Tools
- Pentest Tools Download
- Hacker Security Tools
- Android Hack Tools Github
- Hackrf Tools
- Hack Rom Tools
- Kik Hack Tools
- Best Hacking Tools 2020
- What Are Hacking Tools
- World No 1 Hacker Software
- Hacking Tools Hardware
- Pentest Tools Linux
- Pentest Recon Tools
- Hack Tools Download
- Tools For Hacker
- Pentest Tools Download
- Pentest Tools Free
- Pentest Tools Kali Linux
- Hacker Tools Online
- Hacking Tools Hardware
- Pentest Tools Alternative
- Hacker Tools List
- Hacker Tools Free
- Hacker Tools
- Hacking Tools Usb
- Hacking Tools For Windows Free Download
- Hacker Tools Apk
- Hacking Tools
- Game Hacking
- Hacker Tools List
- Ethical Hacker Tools
- Hacker Tools Apk Download
- Pentest Tools
- Hack App
- Nsa Hack Tools
- Pentest Tools
- Pentest Tools Tcp Port Scanner
- Hacking Tools For Windows Free Download
- Free Pentest Tools For Windows
- Pentest Tools Bluekeep
- Hack Tools Online
- Hacking Tools For Kali Linux
- Pentest Tools For Windows
- Hacking Tools Mac
- World No 1 Hacker Software
- Best Pentesting Tools 2018
- Kik Hack Tools
- Pentest Tools Website
- Blackhat Hacker Tools
- Pentest Tools Bluekeep
- Termux Hacking Tools 2019
- Hacking Tools Download
- Pentest Automation Tools
- Hacking Tools 2020
- Hacking Tools Name
- Pentest Tools Nmap
- Hacking Tools For Beginners
- New Hacker Tools
- Pentest Tools Github
- Beginner Hacker Tools
- Tools 4 Hack
- Best Hacking Tools 2020
- Hackrf Tools
- Hack Tools For Games
- Hacker Tools For Ios
- Hacking Tools Windows 10
- Hacker Tools For Mac
- Free Pentest Tools For Windows
- Pentest Tools Free
- Nsa Hack Tools
- Hack Apps
- Best Hacking Tools 2020
- Growth Hacker Tools
- Kik Hack Tools
- Hacking Tools
- Nsa Hacker Tools
- Pentest Tools
- Hacking Tools Mac
- World No 1 Hacker Software
- Android Hack Tools Github
- Pentest Tools Windows
- What Is Hacking Tools
- Computer Hacker
- Hack Tools Download
- Game Hacking
- How To Hack
- Pentest Tools Download
- Hack Tools Pc
- Hack Tools For Windows
- Pentest Tools Kali Linux
- Pentest Tools Apk
- Pentest Reporting Tools
- New Hack Tools
- Hacking Tools And Software
- Pentest Tools Website
- Hack Tool Apk
- Hacker Tools Mac
- Hacker Tools Online
- Hacking Tools For Windows Free Download
- Pentest Tools For Ubuntu
- Hack Tools Download
- Pentest Tools Kali Linux
- Hacking Tools Mac
- Hacking Tools Pc
- Hacking Tools 2019
- Hack Rom Tools
- Hacking Apps
- Hack Rom Tools
- What Are Hacking Tools
- Pentest Tools Download
- Hacking Tools Download
- Hacker Tools Hardware
- Hacker Tools 2019
- Pentest Automation Tools
- Pentest Tools List
- Pentest Tools Website
- Best Pentesting Tools 2018
- Hack Tools For Games
- Hacker Tools Windows
- Hack Tools
- What Is Hacking Tools
- Hack App
- Pentest Recon Tools
- Usb Pentest Tools
- Hacker Tools Linux
- Pentest Tools Free
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου