When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printers models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years and one may raise the question if new printers share the same weaknesses.
35 year old
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:
35 year old bugs features
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:- Capture print jobs of other users if they used PostScript as a printer driver; This is done by first infecting the device with PostScript code
- Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
- List, read from and write to files on the printers file system with PostScript as well as PJL functions; limited to certain directories
- Recover passwords for PostScript and PJL credentials; This is not an attack per se but the implementation makes brute-force rather easy
- Launch denial of Service attacks of various kinds:
- PostScript based infinite loops
- PostScript showpage redefinition
- Disable jobmedia with proprietary PJL
- Set the device to offline mode with PJL
Now exploitable from the web
All attacks can be carried out by anyone who can print, which includes:- Web attacker:
- A malicious website that uses XSP
- Network access:
- Wireless access:
- Apple Air Print (enabled by default)
- Cloud access:
- Google Cloud Print (disabled by default)
- Physical access:
- Printing via USB cable or USB drive
- Potentially NFC printing (haven't tested)
Conclusion: Christian Slater is right
PostScript and PJL based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers however are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually the WWW did not even exist, when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf" like scenarios can get very real in your office…More articles
- Hack Tools For Mac
- Hacking Tools For Windows 7
- Hacking Tools Usb
- Hacker Tools Software
- Pentest Tools Windows
- Hacking Tools Hardware
- Pentest Tools Apk
- Pentest Recon Tools
- Hacker Search Tools
- Hacker Techniques Tools And Incident Handling
- Wifi Hacker Tools For Windows
- Pentest Tools Github
- Pentest Tools Framework
- Hacking Tools Free Download
- Hack Tools
- Wifi Hacker Tools For Windows
- Hacker Search Tools
- Hacker Tools Windows
- Hack Website Online Tool
- Hacking Tools Mac
- What Are Hacking Tools
- Hacking Tools For Mac
- Hack Apps
- Hacker Tool Kit
- Hacking Tools For Mac
- Hacks And Tools
- Best Hacking Tools 2020
- Hack Tools
- Pentest Automation Tools
- Hacking Tools For Windows
- Free Pentest Tools For Windows
- Hack Tools
- What Is Hacking Tools
- Hacking Tools Github
- Pentest Tools Free
- Bluetooth Hacking Tools Kali
- Nsa Hacker Tools
- Hacker Tool Kit
- Hack Tools
- Hack Tools For Windows
- Best Hacking Tools 2020
- Hacking Tools For Windows 7
- New Hack Tools
- Pentest Tools Tcp Port Scanner
- Hack Tools 2019
- Hacker Tools Free Download
- Hack And Tools
- Top Pentest Tools
- Hacker Tools For Ios
- Hacking Tools For Windows
- Hacker Tools 2019
- Pentest Tools Tcp Port Scanner
- Hack Tools
- Nsa Hacker Tools
- Install Pentest Tools Ubuntu
- Pentest Recon Tools
- Beginner Hacker Tools
- Hacking Tools Github
- Pentest Recon Tools
- Pentest Tools Bluekeep
- Physical Pentest Tools
- Hack Tools Online
- Hacking Tools Usb
- Hacking Tools Github
- Hacking Tools Hardware
- Hak5 Tools
- Pentest Tools Download
- Hacking Tools Mac
- Hacker Tools Free
- Pentest Tools Apk
- Hacking Tools Hardware
- Pentest Tools Kali Linux
- Hack Tool Apk No Root
- Hacking Tools Windows 10
- Easy Hack Tools
- Hack Tools Mac
- Hacker Tools List
- Pentest Tools Website Vulnerability
- Hack Tools Github
- Hacking Tools Online
- What Are Hacking Tools
- Kik Hack Tools
- Pentest Tools Framework
- Pentest Tools
- Hacking Tools For Beginners
- Kik Hack Tools
- New Hack Tools
- Pentest Tools Find Subdomains
- Hak5 Tools
- Hacking Tools Online
- Hacks And Tools
- Blackhat Hacker Tools
- What Are Hacking Tools
- Hacker Tools For Windows
- New Hacker Tools
- Hack Tools For Ubuntu
- Hacker Tools Hardware
- Computer Hacker
- Pentest Tools Github
- Hack Tools Github
- Blackhat Hacker Tools
- Hack Tools For Mac
- Hacking Tools Windows
- What Is Hacking Tools
- Hack Tools For Mac
- Nsa Hack Tools Download
- Hacking Tools Mac
- Hacker Search Tools
- Hacker Tools Software
- Pentest Tools Open Source
- Physical Pentest Tools
- Hacking Tools Online
- Pentest Recon Tools
- Hack Tools
- Pentest Tools Port Scanner
- Pentest Automation Tools
- Nsa Hacker Tools
- New Hack Tools
No comments:
Post a Comment