HGI scientists Jens Müller, Juraj Somorovsky, and Vladislav Mladenov from the Department of Network and Data Security have shown that printers are a massive security vulnerability.
HGI scientists Jens Müller, Juraj Somorovsky, and Vladislav Mladenov from the Department of Network and Data Security have shown that printers are a massive security vulnerability. For example, standard PostScript commands can be used to record and read out other peoples' print jobs. This allows an attacker to obtain sensitive information - for example, current research results even before they are published.
The vulnerability, which is believed to have been lurking in all PostScript printers for the past three decades, is made possible because the PostScript page description language is a full programming language. Similarly, print jobs can be manipulated by PostScript malware that resides in the printer's main memory until it is restarted. This means that a user can no longer be sure whether the document on the screen actually corresponds to what is printed out - or whether it has been altered, for example, by transposed numbers. In some of the devices examined, it was even possible to read out the RAM and the entire hard disk or to physically destroy the NVRAM, the component that stores long-term settings such as paper formats and passwords.
Generic security problems in printers
All vulnerabilities can be traced back to a fundamental problem in printers: They do not distinguish between data and code, i.e. between a document to be printed and commands to control the printer. Thus, anyone who can print in any way can also carry out the attacks mentioned. This applies to local attackers who sneak into a company's copy room as well as to network attackers (Shodan lists about 50,000 printers that are directly connected to the Internet), see also hacking-printers..
Attack via a web page
Furthermore, the attacks can be done quite quickly through a malicious website. For this purpose, the researchers from Bochum have presented an extension of the well-known "cross-site printing" technique, so-called "CORS spoofing." In this case, the victim's browser is fooled into thinking it has a CORS header entry through special PostScript commands sent to the printer via JavaScript, which allows an attacker to access printers' response, such as tapped print jobs - despite the same-origin policy. More details can be found at hacking-printers.
A proof-of-concept that executes relatively innocuous attacks such as tampering with print jobs and listing files on a printer is available at http://hacking-printers.net/xsp/.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.