Security Flaws in Multi-Function Printers Could Lead to Password Theft

Researchers at Ruhr University have found security flaws in multi-function printers that attackers could exploit remotely to shut down the printers or, worse, to steal passwords or manipulate documents. Attackers could also exploit the flaws to cause physical damage to printers.

So far, the researchers have found the flaws in multi-function printers manufactured by computer hardware giants Dell, Lexmark and HP. At least 20 multi-function printers are understood to be affected.

The flaws are in common printing languages used by printer manufacturers, languages that were first developed about 32 years ago. According to the researchers, the flaws in the PostScript and PJL languages could be exploited remotely using sophisticated cross-site printing techniques if users are persuaded to visit a specially crafted website. The researchers have named their technique for remotely hacking PostScript printers CORS spoofing. However, anyone connected to the printers could also exploit the flaws.

To show how the flaws could be exploited, the researchers created a tool called the Printer Exploitation Toolkit (PRET). PRET can be used to exploit the flaws over the network or over USB. The researchers were able to use the tool to manipulate print jobs, capture data sent to the printer, access the printer’s file system and even physically damage the device. Proofs of concept have been published on GitHub showing how the flaws could be exploited to steal users’ credentials.

Worryingly, the researchers point out that the printer isn’t the only device that can be hacked. “An assailant can intensify her way into a system, using the printer appliance as a beginning point.”

Although exploiting security flaws can be a complicated process requiring considerable knowledge of the systems and language, in this case ‘hacking’ the printers is comparatively easy.

A wide range of printers have these vulnerabilities, including some of the most popular models from Lexmark, HP, Dell, and Samsung: the HP LaserJet 4200N, 1200, and 4250N, the Dell 3130cn and the Samsung Multipress 6345N, for instance.

The researchers point out that the printers can’t handle usernames of more than 150 characters. If long usernames are sent to the printers, they crash and require a manual restart. However, the researchers noted that, with the correct return address and shellcode, the flaws in multi-function printers could allow remote code execution.

Until the issue is resolved, users can reduce the risk by not exposing their printers to the Internet. System administrators should also disable raw port 9100/tcp printing if it’s not needed. These measures only make the flaws harder to exploit; they don’t protect the devices. To do that, the researchers recommend sandboxing the printers in an isolated VLAN and restricting access through a hardened print server.

System administrators should make sure that access to copy rooms is restricted to authorized personnel, and staff should be instructed to report any strange printouts, such as HTTP headers, because these may indicate that printers have been subjected to a cross-site printing attack.
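
The same "HTTP headers in a print job" signal can be checked automatically on the hardened print server before a job reaches the device. The following is an added example, not code from the researchers or from PRET; the function name, the idea of a hook that receives the raw job bytes, and the sample jobs are assumptions constructed for illustration.

```python
import re

# Request line a browser emits when a web page makes it send an HTTP request
# to a printer's raw port (9100/tcp); the printer treats it as print data.
REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|HEAD|OPTIONS) (\S+) HTTP/1\.[01]\r?$")
# Headers worth recording for the incident report (Origin/Referer name the site).
INTERESTING = {b"host", b"origin", b"referer", b"user-agent", b"content-type"}


def inspect_raw_job(payload: bytes, scan_limit: int = 4096) -> dict:
    """Classify the start of a raw print job received by a print server."""
    lines = payload[:scan_limit].split(b"\n")
    while lines and not lines[0].strip():   # skip leading blank lines
        lines.pop(0)
    result = {"browser_originated": False, "method": None, "headers": {}}
    if not lines:
        return result
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return result                        # ordinary PostScript/PJL/text job
    result["method"] = match.group(1).decode()
    for raw in lines[1:]:
        line = raw.rstrip(b"\r")
        if not line:                         # blank line ends the header block
            break
        name, sep, value = line.partition(b":")
        key = name.strip().lower()
        if sep and key in INTERESTING:
            result["headers"][key.decode()] = value.strip().decode("latin-1")
    # A browser always sends Host; request line + Host means a web page sent this.
    result["browser_originated"] = "host" in result["headers"]
    return result


# Constructed samples: a job carrying browser headers, and an ordinary job.
SUSPICIOUS = (b"POST / HTTP/1.1\r\nHost: printer.example:9100\r\n"
              b"Origin: http://site.example\r\nContent-Type: text/plain\r\n\r\n"
              b"job body placeholder")
ORDINARY = b"%!PS-Adobe-3.0\n%%Title: report\nshowpage\n"

if __name__ == "__main__":
    for label, job in (("suspicious", SUSPICIOUS), ("ordinary", ORDINARY)):
        print(label, inspect_raw_job(job))
```

A flagged job should be held and logged rather than forwarded; the recorded Origin or Referer value identifies the website the user was visiting when the job was sent.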