Researchers testing the security state of 20 common office network printers have discovered that almost every model is susceptible to a range of disarmingly simple attacks.
As the authors admit, printers are “considered rather unspectacular devices,” which might explain why research into their security remains a bit of a backwater.
Undeterred, the team from Ruhr University Bochum in Germany used their own custom-written tool called PRET (Printer Exploitation Toolkit) to hit the printers with a range of local, network and internet-based attacks on two common software interfaces, PostScript and Printer Job Language (PJL).
Attacks methods covered denial-of-service (making printers go offline or into a programming loop), a protection bypass (resetting to factory defaults), print job manipulation (interfering with what is printed), and information disclosure (accessing document content).
Printer models tested covered a cross-section of major vendors, including HP, Lexmark, Brother, Dell, Oki, Samsung Kyocera and Konica, all of which were running the latest firmware.
Every model tested could be taken offline by a malicious PostScript file, while print jobs could be intercepted or manipulated on almost all of them. Other issues included that data from print jobs could be retrieved after compromising a user’s browser, and the security of PostScript passwords overridden.
It was even possible to remotely vandalise printers using the simple trick of writing to their memory lots of times: “Physical damage could be caused to about half of the tested device within 24 hours of NVRAM stressing.”
Many of these problems seem to have been known about for years, which draws attention to the first unusual aspect of printers as computing devices that many of the technologies they use (PostScript for example) go back years and even decades.
They also seem to hang around inside organisations for a long time, which means that their vulnerabilities remain live too. And while the print drivers – the software that sits between a PC and the printer – might be upgraded several times, how often firmware is updated is unclear.
It’s a hidden software complexity that will only increase with the introduction of new standards such as HP ePrint and Google Cloud Print, which has prompted the researchers to set up a Wiki to disclose vulnerabilities.
Tellingly, when contacted about these findings, only Dell and Google (which offered a bug bounty of $3,133 in connection with the team’s Cloud Print research) seemed interested. As long as vendors are this lacking in interest, patches probably won’t be forthcoming until a real-world attack emerges.
Joe Martella
Ok. So network printers are potential targets. What else is new? It’s all part of the IoT. The fact is network printers are a small target thus a low priority. Want to secure your printer? Turn it off (may not be entirely practical, though). Not as easy with other IoT devices, however. It’s the bigger targets that get the manufacture’s attention. So until then, users should take the obvious steps to secure their printers; keep behind a firewall, ensure your firewall rules are effective, upgrade firmware (if that helps), ensure the buffers are cleared after printing, and if possible turn the little bugger off..
Jim
You are correct, of course.
But, it reminded me that I haven’t put my firewall rules in place that prevent my printer (and one other IoT device) from accessing the Internet without my say-so. Thank you!
4caster
You’ve just put the idea into the heads of countless crooks who hadn’t though of it before.
4caster
… who hadn’t thought of it before (Sorry about typo)
Richard
I seem to remember back in the 1980s a comment about a printer with an address “kremlin@moskvax.com” (or similar).
Plus ça change…