SoK: Exploiting Network Printers

The idea of a paperless office has been dreamed of for more than three decades. However, nowadays printers are still one of the most essential devices for daily work and common Internet users. Instead of removing them, printers evolved from simple devices into complex network computer systems, installed directly into company networks, and carrying considerable confidential data in their print jobs. This makes them to an attractive attack target. In this paper we conduct a large scale analysis of printer attacks and systematize our knowledge by providing a general methodology for security analyses of printers. Based on our methodology, we implemented an open-source tool called PRinter Exploitation Toolkit (PRET). We used PRET to evaluate 20 printer models from different vendors and found all of them to be vulnerable to at least one of the tested attacks. These attacks included, for example, simple DoS attacks or skilled attacks, extracting print jobs and system files. On top of our systematic analysis we reveal novel insights that enable attacks from the Internet by using advanced cross-site printing techniques, combined with printer CORS spoofing. Finally, we show how to apply our attacks to systems beyond typical printers like Google Cloud Print or document processing websites.

[1]  Adobe Press,et al.  PostScript Language Reference Manual , 1985 .

[2]  Postscript language reference manual, Second Edition , 1991 .

[3]  W. Sibert Malicious Data and Computer Security , 1996 .

[4]  Ian H. Witten,et al.  Extracting text from PostScript , 1998 .

[5]  Frank Adelstein,et al.  Malicious code detection for open firmware , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[6]  Bert Wijnen,et al.  An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks , 2002, RFC.

[7]  Ira McDonald,et al.  Printer MIB v2 , 2004, RFC.

[8]  Alex Tsow Phishing with Consumer Electronics - Malicious Home Routers , 2006, MTW.

[9]  -. AlexandreBlonce,et al.  Portable Document Format (PDF) Security Analysis and Malware Threats , 2008 .

[10]  Paul Baccas FINDING RULES FOR HEURISTIC DETECTION OF MALICIOUS PDFS : WITH ANALYSIS OF EMBEDDED EXPLOIT CODE , 2010 .

[11]  Salvatore J. Stolfo,et al.  Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware , 2011 .

[12]  Thorsten Holz,et al.  Crouching tiger - hidden payload: security risks of scalable vectors graphics , 2011, CCS '11.

[13]  Informatika Cross-Site Printing , 2011 .

[14]  Jörg Schwenk,et al.  mXSS attacks: attacking well-secured web-applications by using innerHTML mutations , 2013, CCS.

[15]  Jonas Zaddach Embedded devices security and firmware reverse engineering , 2013 .

[16]  Valentin Hamon,et al.  Malicious URI resolving in PDF documents , 2013, Journal of Computer Virology and Hacking Techniques.

[17]  Salvatore J. Stolfo,et al.  When Firmware Modifications Attack: A Case Study of Embedded Exploitation , 2013, NDSS.

[18]  กิตติศักดิ์ แก้วเนียม สั่งพิมพ์ได้ทุกที่จากทุกอุปกรณ์ด้วย Google Cloud Print , 2013 .

[19]  Aurélien Francillon,et al.  A Large-Scale Analysis of the Security of Embedded Firmwares , 2014, USENIX Security Symposium.

[20]  Jules White,et al.  Cyber-physical security challenges in manufacturing systems , 2014 .

[21]  Peter Saint-Andre,et al.  Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) , 2015, RFC.

[22]  P. Weidenbach,et al.  PWN Xerox Printers (...again) , 2016 .

[23]  Eidesstattliche Erklärung Exploiting Network Printers , 2016 .

[24]  Wenyao Xu,et al.  My Smartphone Knows What You Print: Exploring Smartphone-based Side-channel Attacks Against 3D Printers , 2016, CCS.

[25]  John Bradley,et al.  OAuth 2.0 for Native Apps , 2017, RFC.

[26]  Yuval Elovici,et al.  dr0wned - Cyber-Physical Attack with Additive Manufacturing , 2016, WOOT.