Researchers testing the security state of 20 common office network printers have discovered that almost every model is susceptible to a range of disarmingly simple attacks.
As the authors admit, printers are “considered rather unspectacular devices,” which might explain why research into their security remains a bit of a backwater.
Undeterred, the team from Ruhr University Bochum in Germany used their own custom-written tool called PRET (Printer Exploitation Toolkit) to hit the printers with a range of local, network and internet-based attacks on two common software interfaces, PostScript and Printer Job Language (PJL).
Attack methods covered denial-of-service (making printers go offline or into a programming loop), a protection bypass (resetting to factory defaults), print job manipulation (interfering with what is printed), and information disclosure (accessing document content).
Printer models tested covered a cross-section of major vendors, including HP, Lexmark, Brother, Dell, Oki, Samsung, Kyocera and Konica, all of which were running the latest firmware.
Every model tested could be taken offline by a malicious PostScript file, while print jobs could be intercepted or manipulated on almost all of them. Other issues included that data from print jobs could be retrieved after compromising a user’s browser, and that the security of PostScript passwords could be overridden.
It was even possible to remotely vandalise printers using the simple trick of writing to their memory lots of times: “Physical damage could be caused to about half of the tested device within 24 hours of NVRAM stressing.”
Many of these problems seem to have been known about for years, which draws attention to the first unusual aspect of printers as computing devices: many of the technologies they use (PostScript, for example) go back years and even decades.
They also seem to hang around inside organisations for a long time, which means that their vulnerabilities remain live too. And while the print drivers – the software that sits between a PC and the printer – might be upgraded several times, how often firmware is updated is unclear.
It’s a hidden software complexity that will only increase with the introduction of new standards such as HP ePrint and Google Cloud Print, which has prompted the researchers to set up a Wiki to disclose vulnerabilities.
Tellingly, when contacted about these findings, only Dell and Google (which offered a bug bounty of $3,133 in connection with the team’s Cloud Print research) seemed interested. As long as vendors are this lacking in interest, patches probably won’t be forthcoming until a real-world attack emerges.