When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printers models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years and one may raise the question if new printers share the same weaknesses.
35 year old
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:
35 year old bugs features
The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:- Capture print jobs of other users if they used PostScript as a printer driver; This is done by first infecting the device with PostScript code
- Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
- List, read from and write to files on the printers file system with PostScript as well as PJL functions; limited to certain directories
- Recover passwords for PostScript and PJL credentials; This is not an attack per se but the implementation makes brute-force rather easy
- Launch denial of Service attacks of various kinds:
- PostScript based infinite loops
- PostScript showpage redefinition
- Disable jobmedia with proprietary PJL
- Set the device to offline mode with PJL
Now exploitable from the web
All attacks can be carried out by anyone who can print, which includes:- Web attacker:
- A malicious website that uses XSP
- Network access:
- Wireless access:
- Apple Air Print (enabled by default)
- Cloud access:
- Google Cloud Print (disabled by default)
- Physical access:
- Printing via USB cable or USB drive
- Potentially NFC printing (haven't tested)
Conclusion: Christian Slater is right
PostScript and PJL based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers however are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually the WWW did not even exist, when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf" like scenarios can get very real in your office…Related posts
- Pentest Tools Website
- Blackhat Hacker Tools
- Android Hack Tools Github
- Beginner Hacker Tools
- Hacker Tools For Ios
- Hacker Tools Linux
- Hack Tool Apk
- Hacking Tools For Games
- Hack Tools For Mac
- Hacker Tools Apk
- Pentest Tools Subdomain
- Hacker Tools Apk Download
- Hacking Tools For Windows
- Pentest Tools Android
- Hacker Tools Free
- Hacking Tools For Games
- Hacking Tools Windows 10
- Nsa Hack Tools
- Hacking Tools Windows 10
- Hack Tools For Games
- Termux Hacking Tools 2019
- Hacking Tools For Windows 7
- Pentest Tools Url Fuzzer
- Pentest Tools Download
- What Is Hacking Tools
- Hacker Tools For Windows
- Hacking Tools Hardware
- Pentest Tools Nmap
- Hak5 Tools
- Pentest Tools Bluekeep
- Hak5 Tools
- Hacks And Tools
- What Is Hacking Tools
- Hacking App
- Hacking Tools Pc
- Pentest Tools Review
- Pentest Tools Nmap
- Pentest Tools Port Scanner
- Tools 4 Hack
- Pentest Tools Download
- Pentest Tools For Mac
- Hacking Tools For Pc
- Pentest Tools Alternative
- Hacker Tools Hardware
- Hacking Tools Github
- Hacking App
- Pentest Tools Linux
- Blackhat Hacker Tools
- What Are Hacking Tools
- Pentest Reporting Tools
- Pentest Tools For Windows
- What Are Hacking Tools
- World No 1 Hacker Software
- Pentest Tools For Ubuntu
- Hacking Tools
- Hack Tool Apk No Root
- Tools Used For Hacking
- Pentest Tools Website
- Hacker Tools Github
- Free Pentest Tools For Windows
- Pentest Tools For Android
- Hacker Tools Github
- Github Hacking Tools
- Pentest Tools Port Scanner
- Tools For Hacker
- Hacking Tools 2020
- How To Hack
- Hacking Tools Windows 10
- Hacking Tools For Windows
- Tools For Hacker
- What Are Hacking Tools
- Hacking Tools Usb
- Hacker Tool Kit
- Pentest Reporting Tools
- Pentest Tools Kali Linux
- Hacking Tools For Beginners
- Hacking Tools Windows 10
- Pentest Tools Free
- Pentest Tools Subdomain
- Pentest Tools For Windows
- New Hacker Tools
- Hacking Tools Github
- Pentest Tools Bluekeep
- Hacking Tools For Windows 7
- Hacking Tools 2019
- Hackrf Tools
- Hacking Tools Usb
- Wifi Hacker Tools For Windows
- Pentest Tools Review
- Hack Apps
- Pentest Tools For Mac
- Pentest Tools Subdomain
- Hacking Tools For Pc
- Hacking Tools For Windows
- Hackers Toolbox
- Hacking Tools Free Download
- World No 1 Hacker Software
- Pentest Tools Online
- New Hacker Tools
- Pentest Tools Alternative
- Hacking Tools For Kali Linux
- Hack Tools Online
- Kik Hack Tools
- Usb Pentest Tools
- Pentest Tools Online
- Nsa Hacker Tools
- Beginner Hacker Tools
- Hacker Search Tools
- Hacking App
- Pentest Tools Framework
- Hacking Tools Online
- Kik Hack Tools
- Pentest Tools Download
- Pentest Tools Url Fuzzer
- Hacking Tools Windows 10
- Hack And Tools
- Hacking Tools For Windows Free Download
- Hacker Tools 2020
- Hackers Toolbox
- Hack Tools Github
- Pentest Tools Apk
- Pentest Tools For Android
- Hack Tools For Mac
- Best Hacking Tools 2019
- Hack Tool Apk
- Hack Website Online Tool
- Hack Tools Online
- Hackrf Tools
- Pentest Tools Nmap
- Hacking Tools Software
- Pentest Recon Tools
- Hack Tools Pc
- Best Pentesting Tools 2018
- Pentest Tools Port Scanner
- Pentest Tools Android
- Hacker Tools Free
- Pentest Tools Review
- Hacking Tools For Kali Linux
- Pentest Tools Kali Linux
- Ethical Hacker Tools
- Pentest Tools Subdomain
- Hacker Tools Apk Download
- Hacking Tools For Windows Free Download
- Hacking Tools For Kali Linux
- How To Make Hacking Tools
- Pentest Automation Tools
- Hack Tools
沒有留言:
發佈留言