Printers gone wild!

While researching into how secure printers are, Ben Smith discovered some new malicious abuses as well as some fun new uses for old attacks.

This talk will cover how to send SNMP commands to HP printers and get back responses even if SNMP is disabled on the device.

As well as discus some of the other fun that can be had with PJL and its lack of security like printer information gathering, control panel lockout, disk lockout, file uploads, file downloads and mass LCD changing.

While researching into how secure printers are, Ben Smith discovered some new malicious abuses as well as some fun new uses for old attacks.

This talk will cover how to send SNMP commands to HP printers and get back responses even if SNMP is disabled on the device.

As well as discus some of the other fun that can be had with PJL and its lack of security like printer information gathering, control panel lockout, disk lockout, file uploads, file downloads and mass LCD changing.

Printer

Printer

Hacking

Hacking

Source

About the speaker

Security architect / Researcher. Author of several security tools, and one book. In my free time I work on various security projects. Some are RF/Wireless related, others, are not.

Specialties: Wireless, Member of Aircrack-ng team. Networking. Creative Problem Solving.

Connect

About the speaker

Security architect / Researcher. Author of several security tools, and one book. In my free time I work on various security projects. Some are RF/Wireless related, others, are not.

Specialties: Wireless, Member of Aircrack-ng team. Networking. Creative Problem Solving.

Resources

During the 28th Chaos Communication Congress Ang Cui and Jonathan Voris present several generic firmware modification attacks against HP printers.

The attacks they present exploit a functional vulnerability common to all HP printers, and do not depend on any specific code vulnerability.

Download the presentation slides.

Update anyone’s printer with a Trojan image which spies on the documents being printed

The hacking possibilities go far beyond enabling choppy, early ’90s gaming: “We can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network” Jordon wrote. Read more

When firmware modifications attack: A case study of embedded exploitation

We present a case study of the HP-RFU (Remote Firmware Update) LaserJet printer firmware modification vulnerability, which allows arbitrary injection of malware into the printer’s firmware via standard printed documents. Read more

Utterly crazy hack uses long-distance lasers to send malware commands via all-in-one printers

Researchers found that if a multifunction printer is attached to an air-gapped computer, attackers could issue commands to a malicious program running on it by flashing visible or infrared light at the scanner lid when open. Read more

Resources

During the 28th Chaos Communication Congress Ang Cui and Jonathan Voris present several generic firmware modification attacks against HP printers.

The attacks they present exploit a functional vulnerability common to all HP printers, and do not depend on any specific code vulnerability.

Download the presentation slides.

Update anyone’s printer with a Trojan image which spies on the documents being printed

The hacking possibilities go far beyond enabling choppy, early ’90s gaming: “We can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network” Jordon wrote. Read more

When firmware modifications attack: A case study of embedded exploitation

We present a case study of the HP-RFU (Remote Firmware Update) LaserJet printer firmware modification vulnerability, which allows arbitrary injection of malware into the printer’s firmware via standard printed documents. Read more

Utterly crazy hack uses long-distance lasers to send malware commands via all-in-one printers

Researchers found that if a multifunction printer is attached to an air-gapped computer, attackers could issue commands to a malicious program running on it by flashing visible or infrared light at the scanner lid when open. Read more

Articles

Presentations

Tutorials