PostScript: Danger ahead! Hacking MFPs, PCs and beyond… presented at Positive Hack Days 2012

by Andrei Costin,

Tags: Printers PostScript


Summary : After the very successful "Hacking printers for fun and profit" series of talks, the reporter have decided to continue the research into PostScript realms — an old, very powerful and nicely designed programming language.
This time he will demonstrate that the PostScript language, given its power, elegance and Turing-completeness, can be used for more than just drawing dots, lines and circles, and to a certain extent it can be a hacker's sweet delight if fully mastered.
The reporter will be presenting a real-life implementation of unusual, security-flawed, PostScript APIs (along with their dissection and reconstructed documentation) that interact with various levels of OS and HW. The implementation have been found in a TOP10 printer vendor product line. The report also includes research on the possibility of a PostScript-based virus creation, the auther of the research will provide a few hints and building blocks in this direction.
Besides this, the reporter will cover some PostScript aspects that can be dangerous for PC and other implementations.
The goal of this report is to show that entire Flexographic Print/printer industry collateral, such as devices, printing software/drivers/subsystems, publishing, and managed services, has to be redesigned security-wise, so that it can face both the current and the future security landscape and threats.
The report includes practical videos.
Part of the research was presented at 28C3 in Berlin, 2011.