Hacking Printers For Fun And Profit presented at SyScan 2010

by Andrei Costin,

Tags: Security Exploitation Malware

Summary : While more and more new devices (routers, smartphones, etc.) are getting connected to our SOHO/enterprise
environments, all-colour hats are getting plenty of focus on their security: defend and harden on one
side; exploit and develop malware on the other.However, a special class of network devices (specifically network printers/scanners/MFPs),
which are networked for more than 15 years, are constantly out of the modern security watchful eye.
And even though we entrust them even the most confidential documents or the most sacred credentials (LDAP, RFID
badges, etc.), we donu2019t realize closely how weak and unsecured they are, despite the few minor security bulletins
started to pop-up here and there in the recent few months.In this presentation, we will try to analyse the reasons why hacking network printers/MFPs is a reasonable and accomplishable
idea. Also, we will take a look at current state of (weak) affairs in the vulnerability and security research available. Then
we will try to envision types of possible exploitation scenarios, backed-up with a printer remote-exploit demo. We will conclude
the presentation with possible solutions and what can be done to protect ourselves as well as our network environments.u7576u8d8au4f86u8d8au591au7684u65b0u96fbu5b50u7522u54c1u3000(u5206u4eabu5668u3001u667au6167u578bu624bu6a5fu548cu5176u5b83) u88abu9023u7d50u5230u6211u5011u7684SOHO/u4f01u696du74b0u5883u4e4bu4e2duff0cu5404u500bu984fu8272u5e3du5b50u7684u99edu5ba2u5728u4ed6u5011u7684u5b89u5168u6027u4e0au5f97u5230u4e86u773eu591au95dcu6ce8uff1au4e00u65b9u9762u9632u79a6u4e26u52a0u5f37uff1bu53e6u4e00u65b9u9762u5229u7528u4e26u958bu767cu60e1u610fu8edfu9ad4u3002u4f46u662fuff0cu4e00u500bu7279u6b8au5c64u7d1au7684u7db2u8defu88ddu7f6e(u7279u5225u662fu7db2u8defu5370u8868u6a5f/u6383u63cfu6a5f/MFPs)uff0cu5df2u7d93u4ee5u7db2u8defu9023u7d50u905415u5e74u4e4bu4e45uff0cu537bu4e00u76f4u88abu6392u9664u5728u73feu4ee3u8cc7u8a0au5b89u5168u7684u95dcu6ce8u4e4bu5916u3002u96d6u7136u6211u5011u5728u8655u7406u6700u6a5fu5bc6u7684u6587u4ef6u6216u6700u91cdu8981u7684u6191u8b49u6642(LDAPu3001RFID badgesu548cu5176u5b83)u7d66u4e88u4ed6u5011u5b8cu5168u7684u4fe1u4efbuff0cu6211u5011u537bu6c92u6709u767cu73feu4ed6u5011u6709u591au9ebcu7684u8106u5f31u548cu4e0du5b89u5168uff0cu5373u4f7fu6700u8fd1u5e7eu500bu6708u6709u4e00u4e9bu8f03u5c0fu7684u5b89u5168u6ce8u610fu4e8bu9805u4e0du6642u88abu63d0u53cau3002u5728u9019u4e00u500bu5831u544au4e2duff0cu6211u5011u6703u5617u8a66u5206u6790u70bau4ec0u9ebcu99edu5165u7db2u8defu9023u7d50u7684u5370u8868u6a5f/MFPsu662fu4e00u500bu5408u4e4eu5e38u7406u4e26u53efu4ee5u505au5230u7684u4e8bu60c5u3002u540cu6642uff0cu6211u5011u4e5fu6703u63a2u8a0eu4e00u4e0bu73feu6709u7684u5f31u9edeu548cu5b89u5168u6027u7814u7a76u4e2du76eeu524du7684(u8106u5f31)u72c0u614bu3002u4e4bu5f8cu6211u5011u5c07u6703u8a66u8457u8a2du60f3u53efu80fdu7684u653bu64cau60c5u5883uff0cu4e26u4ee5u5448u73feu4e00u500bu9060u7aefu5370u8868u6a5fu653bu64cau4f86u652fu6301u6b64u8aaau3002u6700u5f8cu6211u5011u6703u4ee5u53efu80fdu7684u89e3u6c7au65b9u6848u548cu53efu4ee5u4fddu8b77u6211u5011u81eau5df1u4ee5u53cau6211u5011u7684u7db2u8defu74b0u5883u7684u63aau65bdu4f86u4f5cu5831u544au7684u7e3du7d50u3002