Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

IoT Security

Printer Vulnerabilities Expose Organizations to Attacks

A team of researchers from Ruhr-Universität Bochum in Germany has analyzed 20 printers and multifunction printers (MFPs) from several vendors and discovered that each of them is affected by at least one vulnerability, including flaws that can be exploited to crash the device or obtain sensitive information that provides access to the organization’s network.

A team of researchers from Ruhr-Universität Bochum in Germany has analyzed 20 printers and multifunction printers (MFPs) from several vendors and discovered that each of them is affected by at least one vulnerability, including flaws that can be exploited to crash the device or obtain sensitive information that provides access to the organization’s network.

The experts conducted their tests on printers from HP, Brother, Lexmark, Dell, Samsung, Konica, OKI and Kyocera using a Python-based piece of software they named PRinter Exploitation Toolkit (PRET). The analysis revealed the existence of both old and new vulnerabilities and attack vectors that can be exploited locally or remotely.

Some of the attack methods detailed by the researchers involve what they call PostScript malware. PostScript, created more than 30 years ago by Adobe, is a computer language used to describe the appearance of text and graphics on a page. The language is supported by all major printer manufacturers.

According to researchers, an attacker can abuse PostScript to manipulate documents, such as in the attack where thousands of printers were hijacked and made to print anti-Semitic flyers, or to capture the content of documents that are printed.

Such attacks can be launched through USB, remotely over the local network, or from the Internet via a malicious website using cross-site printing (XSP) and cross-origin resource sharing (CORS) spoofing.

Experts also showed how PostScript and Printer Job Language (PJL) can be leveraged to access the entire file system on some printers, including passwords for the embedded web server. This vulnerability has been known for several years, but experts say it still hasn’t been completely fixed.

“OKI MC342dn allows an attacker to execute one level of path traversal, where a directory called ‘hidden/’ is located which contains stored fax numbers, email contacts and local users’ PINs as well as the SNMP community string,” researchers said in their paper. “More interesting, however, is the fact that this MFP can be integrated into a network using features like Email-to-Print or Scan-to-FTP. An attacker could find passwords for LDAP, POP3, SMTP, outbound HTTP proxy, FTP, SMB, and Webdav as well as the IPsec pre-shared keys. This is a good example how an attacker can escalate her way into a company’s network, using the printer device as a starting point.”

They also discovered that buffer overflow vulnerabilities in the Line Printer Daemon (LPD) and the PJL interpreter can be exploited for denial-of-service (DoS) attacks and possibly even arbitrary code execution. PJL commands can also be used to cause physical damage to the device’s non-volatile memory (NVRAM) and gain access to sensitive information stored in the NVRAM, such as web server passwords.

Advertisement. Scroll to continue reading.

These security holes can also be exploited locally, or remotely using XSP and CORS spoofing.

Printer vulnerabilities

The experts have also analyzed Google Cloud Print, a service that allows users to print from anywhere, including their mobile device, to any printer. They showed that the Google service was also affected by some security issues, for which they earned a $3,133.7 reward from the search giant.

The researchers have also notified other affected vendors of their findings. However, they pointed out that the old vulnerabilities they had identified affected the latest versions of the firmware. In some cases, the vulnerabilities have been known for more than a decade, which they believe suggests that printer manufacturers don’t take security seriously, or they lack the proper security analysis tools.

Related: Hackers Can Abuse HP Enterprise Printers for Storage

Related: HP Enhances Network Printer Security

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...