Dailydave mailing list archives
Printers and Spies - My Oh My!
From: "Vineet M. Bhatia" <vmbhatia () gmail com>
Date: Mon, 28 Jan 2013 08:51:41 +0400
It isn't news that printers and multifunction devices hold a plethora of confidential information that is an easy target for attackers. There have been far and wide<http://nakedsecurity.sophos.com/2012/01/05/hp-patches-printer-firmware-flaw/> complaints of vulnerable firmware across a magnitude of devices. That hasn't changed much for printer manufacturers who insist on packing more and more functionality into their devices. I was contemplating on buying a new dot-matrix printer connected to my parallel port, when this happened; researchers have been able to use acoustic side channel attacks to recover the contents of a medical prescription printed by a doctor. The same attack was used to recover data from PIN mailers printed by a bank on a secure form. Having said this, even dot-matrix printers are not secure<http://www.infsec.cs.uni-saarland.de/projects/printer-acoustic/> . Then, there is this "news piece<http://www.youtube.com/watch?v=okhfDsKmAoY&feature=youtu.be>" from the Netherlands. Talks about the e-print functionality in default installations of HP printers. They might be sensationalist news items, but the claims of corporate espionage and individual privacy are not far fetched. While you are reeling from the sheer insecurities of these "traditional home appliances", another news piece comes out and says, you can access over 85,000 printers publicly indexed <https://www.google.com/#hl=en&tbo=d&output=search&sclient=psy-ab&q=inurl:hp%2Fdevice%2Fthis.LCDispatcher%3Fnav%3Dhp.Print>on Google. Unless you haven't already seen *Sebastián Guerrero’s<https://viaforensics.com/security/exploiting-printers-via-jetdirect-vulns.html> * post, JetDirect is also broken. Feel free to enjoy your preferred brand of a caffeine drink while you watch this expose news item and come up with an idea to do all of this on a cool 3d printer.
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Printers and Spies - My Oh My! Vineet M. Bhatia (Jan 28)