Total Pageviews

Friday, 28 August 2020

New Printers Vulnerable To Old Languages

When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printers models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years and one may raise the question if new printers share the same weaknesses.

35 year old bugs features

The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:
  • Capture print jobs of other users if they used PostScript as a printer driver; This is done by first infecting the device with PostScript code
  • Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
  • List, read from and write to files on the printers file system with PostScript as well as PJL functions; limited to certain directories
  • Recover passwords for PostScript and PJL credentials; This is not an attack per se but the implementation makes brute-force rather easy
  • Launch denial of Service attacks of various kinds:

Now exploitable from the web

All attacks can be carried out by anyone who can print, which includes:
Note that the product was tested in the default configuration. To be fair, one has to say that the HP PageWide Color Flow MFP 586 allows strong, Kerberos based user authentication. The permission to print, and therefore to attack the device, can be be limited to certain employees, if configured correctly. The attacks can be easily reproduced using our PRET software. We informed HP's Software Security Response Team (SSRT) in February.

Conclusion: Christian Slater is right

PostScript and PJL based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers however are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually the WWW did not even exist, when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf" like scenarios can get very real in your office…

More information

  1. How To Make Hacking Tools
  2. Nsa Hacker Tools
  3. Hack Tools
  4. Hacker Tools Github
  5. Hacking Tools 2020
  6. New Hack Tools
  7. Hack And Tools
  8. Underground Hacker Sites
  9. World No 1 Hacker Software
  10. Pentest Tools Tcp Port Scanner
  11. Pentest Tools For Ubuntu
  12. Pentest Reporting Tools
  13. Black Hat Hacker Tools
  14. Pentest Tools Tcp Port Scanner
  15. Hacking Apps
  16. Hacking Tools For Mac
  17. Hack Tools
  18. Pentest Tools Framework
  19. Pentest Automation Tools
  20. Hacker Search Tools
  21. Tools 4 Hack
  22. Hack Tool Apk
  23. Hak5 Tools
  24. Hack Tools For Pc
  25. Nsa Hack Tools
  26. Pentest Tools
  27. Hacking Tools
  28. Hacker Tools Windows
  29. Pentest Tools Kali Linux
  30. Hacking Tools For Mac
  31. Hacker Tools Linux
  32. Pentest Tools Github
  33. Github Hacking Tools
  34. Bluetooth Hacking Tools Kali
  35. Hacking Tools Download
  36. Pentest Tools Kali Linux
  37. Hack Tools Github
  38. Pentest Tools Website
  39. Hacker Tools Online
  40. Nsa Hack Tools Download
  41. Pentest Tools Website Vulnerability
  42. Hacking Tools Mac
  43. Hack Website Online Tool
  44. Hack Tools
  45. Hack Tools 2019
  46. Tools For Hacker
  47. New Hacker Tools
  48. Hack Tools Download
  49. Hacker Tools For Mac
  50. Hacking Tools Mac
  51. Hack Tools For Mac
  52. Hack Tools Github
  53. Pentest Tools Apk
  54. Github Hacking Tools
  55. Hacking Tools For Games
  56. Pentest Tools Alternative
  57. Pentest Tools Online
  58. Pentest Recon Tools
  59. Hacker Security Tools
  60. Pentest Tools Nmap
  61. Pentest Tools Alternative
  62. Pentest Tools Apk
  63. How To Install Pentest Tools In Ubuntu
  64. Black Hat Hacker Tools
  65. Hacking Tools For Windows
  66. Hacker Tools For Mac
  67. Tools Used For Hacking
  68. Hack Tools
  69. Hacker Tools For Windows
  70. Pentest Tools Kali Linux
  71. What Is Hacking Tools
  72. Hacking Tools Pc
  73. Hacking Tools Hardware
  74. Hacking Tools Github
  75. Hackrf Tools
  76. Termux Hacking Tools 2019
  77. Hacker Tools Free
  78. Pentest Tools Website
  79. Physical Pentest Tools
  80. How To Make Hacking Tools
  81. Hack Tools For Games
  82. Best Hacking Tools 2019
  83. Hacker Tools Mac
  84. Pentest Tools Linux

No comments:

Post a Comment