Vulnerabilities in Not-So Embedded Systems presented at BlackhatUSA 2006

by Brendan O'Connor,

Summary : Printers, scanners, and copiers still have a reputation of being embedded systems or appliances; dumb machines that perform a specific, repetitive function. Today's devices are far different than their predecessors, but still do not receive the same level of security scrutiny as servers, workstations, routers, or even switches. The goal of this talk is to change the way we look at these devices, and leave the audience with a better awareness of the security implications of having these devices in their environments. Although the concepts in this talk can apply to many different devices, the primary focus will be on vulnerabilities, exploitation, and defense of the new Xerox WorkCentre product line. Previously undisclosed vulnerabilities will be released, along with exploit code that turns a dumb printer, copier, or scanner into a network attack drone. Steps administrators can take to harden these devices will also be covered.