New Printers Vulnerable To Old Languages

When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printers models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years and one may raise the question if new printers share the same weaknesses.

35 year old bugs features

The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient, de-facto standards and still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a $2,799 HP PageWide Color Flow MFP 586 brand-new high-end printer. Like its various predecessors, the device was vulnerable to the following attacks:
  • Capture print jobs of other users if they used PostScript as a printer driver; This is done by first infecting the device with PostScript code
  • Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
  • List, read from and write to files on the printers file system with PostScript as well as PJL functions; limited to certain directories
  • Recover passwords for PostScript and PJL credentials; This is not an attack per se but the implementation makes brute-force rather easy
  • Launch denial of Service attacks of various kinds:

Now exploitable from the web

All attacks can be carried out by anyone who can print, which includes:
Note that the product was tested in the default configuration. To be fair, one has to say that the HP PageWide Color Flow MFP 586 allows strong, Kerberos based user authentication. The permission to print, and therefore to attack the device, can be be limited to certain employees, if configured correctly. The attacks can be easily reproduced using our PRET software. We informed HP's Software Security Response Team (SSRT) in February.

Conclusion: Christian Slater is right

PostScript and PJL based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers however are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually the WWW did not even exist, when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf" like scenarios can get very real in your office…

More information
  1. Hacking Tools For Beginners
  2. Pentest Recon Tools
  3. Hack Website Online Tool
  4. Hacking Tools For Pc
  5. Hacker
  6. Hacker Tools For Windows
  7. Hacks And Tools
  8. Pentest Tools Nmap
  9. Hack Tools Online
  10. Hack Tools Online
  11. Hack And Tools
  12. Wifi Hacker Tools For Windows
  13. Hacking Tools Free Download
  14. Pentest Tools For Mac
  15. Hacking Tools Usb
  16. Hacking Tools For Mac
  17. Hacker Tools Mac
  18. Nsa Hack Tools
  19. World No 1 Hacker Software
  20. Hacking Tools Hardware
  21. Hacker Hardware Tools
  22. Hacking Tools 2019
  23. Top Pentest Tools
  24. Hacking Tools And Software
  25. Pentest Tools Port Scanner
  26. Hack Tool Apk
  27. Pentest Automation Tools
  28. Tools 4 Hack
  29. Tools For Hacker
  30. Hacker Tools For Pc
  31. Pentest Tools Apk
  32. Hacker Tools For Mac
  33. Free Pentest Tools For Windows
  34. Hacking Tools And Software
  35. Pentest Automation Tools
  36. Pentest Tools Subdomain
  37. Hacking Tools And Software
  38. Bluetooth Hacking Tools Kali
  39. Hack Tools Download
  40. Hacker Security Tools
  41. How To Install Pentest Tools In Ubuntu
  42. Hacking Tools Windows
  43. Computer Hacker
  44. Hacker Tools For Ios
  45. Hacking Tools Windows 10
  46. Hacking Tools Windows
  47. Pentest Tools Linux
  48. Hacks And Tools
  49. Hacking Tools Usb
  50. Pentest Tools Free
  51. Pentest Tools Download
  52. Best Hacking Tools 2020
  53. Hacker Tools Free
  54. Tools 4 Hack
  55. Hacker Techniques Tools And Incident Handling
  56. Blackhat Hacker Tools
  57. Hacker Tools Online
  58. Tools For Hacker
  59. Growth Hacker Tools
  60. Hacking Tools Online
  61. Hacking Tools Online
  62. Beginner Hacker Tools
  63. Hacking Tools For Kali Linux
  64. Pentest Tools Subdomain
  65. Android Hack Tools Github
  66. Hacker Techniques Tools And Incident Handling
  67. Pentest Tools For Mac
  68. Hack Tools Download
  69. Pentest Tools Subdomain
  70. Hacker Tools Free Download
  71. Hacker Tools Linux
  72. Hacking Tools Hardware
  73. Hack Tools Pc
  74. Hacker Tools Software
  75. Github Hacking Tools
  76. Ethical Hacker Tools
  77. Hack Tools
  78. Pentest Recon Tools
  79. Hacking Tools Kit
  80. Pentest Tools Kali Linux
  81. Hack And Tools
  82. Pentest Tools Url Fuzzer
  83. Hack Tools For Ubuntu
  84. Hack Tools 2019
  85. Hackrf Tools
  86. Hacker Tools For Windows
  87. Hacking Apps
  88. Hacker Tools Windows
  89. Pentest Tools For Android
  90. Pentest Tools Download
  91. Hacker Tools
  92. Pentest Tools List
  93. Nsa Hack Tools
  94. Hackers Toolbox
  95. Hacker Tools Linux
  96. Physical Pentest Tools
  97. New Hack Tools
  98. Hack Tools 2019
  99. Pentest Tools Nmap
  100. Hacker Hardware Tools
  101. What Is Hacking Tools
  102. Android Hack Tools Github
  103. Hack Tools For Windows
  104. Hacker Tools

Post a Comment

Previous Post Next Post