iTnews

The overlooked security threat in your office: printers

By Juha Saarinen on Jan 31, 2017 7:53AM
Attacks can cause physical damage.

Commonly used office printers and multi-function devices can be exploited to leak information and execute code, presenting multiple attack vectors that are often overlooked, a security researcher has found.

Jens Müller from the Ruhr-Universität Bochum in Germany published multiple advisories on vulnerabilities that he had discovered as part of his Master's degree thesis on the security of printers.

The vulnerabilities stem from vendors not separating page description languages such as PostScript and PJL/PCL, which are used to generate the output, from printer control.

"Potentially harmful commands can be executed by anyone who has the right to print," Müller said.

Müller outlined multiple attacks on his Hacking Printers wiki, ranging from accessing print jobs to credentials disclosure and bypassing device security, and included proofs of concept.

HP LaserJet 1200, 4200N and 4250N as well as Dell 3130cn and Samsung Multipress 6345N have a vulnerable line printer daemon (LPD) service that cannot handle usernames with 150 or more characters.

Sending a long username to the LPD service on the above devices crashes the printer, requiring manual restart to bring it back up. Müller said with correct shellcode and return address, the vulnerability could be used for remote code execution. More printers than the above are likely to be vulnerable, he said.

It is even possible to launch denial of service attacks against printers that support PJL, and permanently damage the non-volatile random access memory (NVRAM) that is used to persistently store settings for the devices, Müller found.

He tested the NVRAM destruction attack on printers from Brother, Konica Minolta, Lexmark, Dell and HP, and verified that they are vulnerable.

Printers can be attacked via networks or USB interfaces. Müller also described a more complex but feasible cross site printing (XSP) attack using a specially crafted website to access printers.

Although they are not usually directly connected to and accessible from the internet, a Shodan.io scan found almost 36,000 printers around the world on public networks, including 500 in Australia and 58 in New Zealand.

Müller warned that, for instance, disgruntled employees could attack intranet printers to capture information such as department payrolls. Newer printers can also be accessed wirelessly through features such as Apple's AirPrint protocol for mobile apps. 

Researchers have unearthed security risks in printers since the early 2000s, but Müller notes that vendors have painted themselves into a corner, as cutting support for established and reliable page description languages like PostScript would break compatibility with existing printer drivers.

Updating the language standards is not an option for the same reason, Müller said. Adding to the security woes, vendors include undocumented extensions, service codes, and proprietary features that can be reverse engineered and exploited.

Müller suggested vendors instead focus on open standards, and avoid hidden functions in a misguided security through obscurity effort.

Administrators should ensure that printers are never internet accessible, and if not required, disable network printing over TCP port 9100.

Müller also recommended sandboxing printers on separate network segments so that they're only accessible via a hardened and secure dedicated server, along with strong passwords for the PostScript startjob command and system parameters, and blocking malicious PJL commands via an intrusion detection system.
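One way the PJL filtering step could work on a print server or IDS sensor, as an added example that is not from the article, Müller's advisories or PRET: it parses a raw port 9100 job stream and reports any PJL command outside an allow-list. The allow-list contents, the function names and both sample jobs are assumptions constructed for illustration.

```python
UEL = b"\x1b%-12345X"  # Universal Exit Language: switches the printer back to PJL

# Assumption: the only PJL commands this site's drivers need; tune per fleet.
ALLOWED = {"JOB", "EOJ", "SET", "COMMENT", "ENTER"}


def pjl_commands(stream: bytes):
    """Yield (command, line) for each PJL line the printer would interpret."""
    # Conservatively treat the stream start and every UEL as entering PJL mode;
    # once a line does not start with @PJL, or ENTER LANGUAGE is seen, the rest
    # of that segment is page-description data and is skipped.
    for segment in stream.split(UEL):
        for raw in segment.split(b"\n"):
            line = raw.strip().decode("ascii", "replace")
            if not line.upper().startswith("@PJL"):
                break
            words = line.split()
            if len(words) < 2:
                continue  # a bare "@PJL" line is a no-op
            command = words[1].upper()
            yield command, line
            if command == "ENTER":
                break


def inspect_job(stream: bytes) -> list[str]:
    """Return the PJL lines whose command is not on the allow-list."""
    return [line for cmd, line in pjl_commands(stream) if cmd not in ALLOWED]


# Constructed sample jobs (not captured traffic).
NORMAL_JOB = (
    UEL + b'@PJL JOB NAME="report"\r\n@PJL SET COPIES=1\r\n'
    b"@PJL ENTER LANGUAGE=PCL\r\n"
    b"@PJL INFO ID is printed as plain text here\r\n"  # page data, not a command
    + UEL + b"@PJL EOJ\r\n" + UEL
)
SUSPECT_JOB = UEL + b"@PJL INFO ID\r\n@PJL DEFAULT COPIES=2\r\n" + UEL

if __name__ == "__main__":
    for name, job in (("normal", NORMAL_JOB), ("suspect", SUSPECT_JOB)):
        print(name, inspect_job(job) or "ok")
```

Because the parser stops at `ENTER LANGUAGE`, text inside the page data that merely looks like a PJL line is not reported, which keeps false positives down on ordinary documents.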

To assist in finding vulnerable printers, Müller has published the printer exploitation toolkit (PRET) on GitHub.

Copyright © iTnews.com.au . All rights reserved.