Monday, 24 August 2020

New Printers Vulnerable To Old Languages

When we published our research on network printer security at the beginning of the year, one major point of criticism was that the tested printer models had been quite old. This is a legitimate argument. Most of the evaluated devices had been in use at our university for years, and one may ask whether new printers share the same weaknesses.

35 year old bugs features

The key point here is that we exploited PostScript and PJL interpreters. Both printer languages are ancient de-facto standards and are still supported by almost any laser printer out there. And as it seems, they are not going to disappear anytime soon. Recently, we got the chance to test a brand-new, high-end $2,799 HP PageWide Color Flow MFP 586 printer. Like its various predecessors, the device was vulnerable to the following attacks:
  • Capture print jobs of other users if they used PostScript as a printer driver; this is done by first infecting the device with PostScript code
  • Manipulate printouts of other users (overlay graphics, introduce misspellings, etc.) by infecting the device with PostScript malware
  • List, read from and write to files on the printer's file system with PostScript as well as PJL functions; limited to certain directories
  • Recover passwords for PostScript and PJL credentials; this is not an attack per se, but the implementation makes brute-force rather easy
  • Launch denial-of-service attacks of various kinds:

Now exploitable from the web

All attacks can be carried out by anyone who can print, which includes:
Note that the product was tested in the default configuration. To be fair, one has to say that the HP PageWide Color Flow MFP 586 allows strong, Kerberos-based user authentication. The permission to print, and therefore to attack the device, can be limited to certain employees, if configured correctly. The attacks can be easily reproduced using our PRET software. We informed HP's Software Security Response Team (SSRT) in February.

Conclusion: Christian Slater is right

PostScript- and PJL-based security weaknesses have been present in laser printers for decades. Both languages make no clear distinction between page description and printer control functionality. Using the very same channel for data (to be printed) and code (to control the device) makes printers insecure by design. Manufacturers, however, are hard to blame. When the languages were invented, printers used to be connected to a computer's parallel or serial port. No one probably thought about taking over a printer from the web (actually, the WWW did not even exist when PostScript was invented back in 1982). So, what to do? Cutting support for established and reliable languages like PostScript from one day to the next would break compatibility with existing printer drivers. As long as we have legacy languages, we need workarounds to mitigate the risks. Otherwise, "The Wolf"-like scenarios can get very real in your office…
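
One such workaround is to inspect jobs on the print server before they reach the device. The following is an added example (not from the original post or from PRET) that flags PJL file-system commands and PostScript operators acting beyond the page description; the operator lists, function names and sample jobs are assumptions chosen for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # Universal Exit Language marker framing PJL jobs
# PJL file-system commands (HP PJL Technical Reference); not needed to describe a page.
PJL_RISKY = set("FSDIRLIST FSQUERY FSUPLOAD FSDOWNLOAD FSAPPEND FSDELETE FSMKDIR FSINIT".split())
# PostScript operators that leave job encapsulation, alter device parameters or touch files.
PS_RISKY = set("exitserver startjob setsystemparams setdevparams "
               "deletefile renamefile filenameforall".split())

def strip_literals(text):
    """Drop (string) literals and % comments so only code tokens remain."""
    out, depth, i = [], 0, 0
    while i < len(text):
        c = text[i]
        if depth:                          # inside a string; parentheses nest
            if c == "\\":
                i += 1                     # skip the escaped character
            depth += (c == "(") - (c == ")")
        elif c == "(":
            depth = 1
            out.append(" ")                # keep neighbouring tokens apart
        elif c == "%":                     # comment runs to end of line
            while i < len(text) and text[i] not in "\r\n":
                i += 1
            continue
        else:
            out.append(c)
        i += 1
    return "".join(out)

def inspect_job(job: bytes):
    """Return sorted findings such as 'PJL:FSQUERY' or 'PS:exitserver'."""
    findings, ps_lines = set(), []
    for line in job.replace(UEL, b"\n").decode("latin-1").splitlines():
        words = line.split()
        if words and words[0].upper() == "@PJL":
            if len(words) > 1 and words[1].upper() in PJL_RISKY:
                findings.add("PJL:" + words[1].upper())
        else:
            ps_lines.append(line)
    tokens = re.findall(r"[^\s()<>\[\]{}/%]+", strip_literals("\n".join(ps_lines)))
    findings.update("PS:" + t for t in tokens if t in PS_RISKY)
    return sorted(findings)

# Constructed sample jobs (not captured traffic).
BENIGN = (UEL + b"@PJL ENTER LANGUAGE=POSTSCRIPT\r\n%!PS\n% exitserver in a comment\n"
          b"/Helvetica findfont 12 scalefont setfont (startjob) show showpage\n" + UEL)
SUSPECT = (UEL + b'@PJL FSQUERY NAME="<placeholder>"\r\n@PJL ENTER LANGUAGE=POSTSCRIPT\r\n'
           b"%!PS\nexitserver\n(page) show showpage\n" + UEL)
```

A token scan like this is a tripwire for review, not a sandbox; it complements restricting who may print rather than replacing it.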
