Dailydave mailing list archives
Re: Printers
From: "Adrian P" <unknown.pentester () gmail com>
Date: Thu, 14 Feb 2008 16:16:47 +0000
Well, to me, embedded devices are the overlooked backdoor to corporate networks. There is not enough attention being paid to "miscellaneous" embedded devices such as IP phones, cameras, printers, etc ... Also let's not forget that what makes a "consumer grade" router is becoming very blurry these days as home-type routers are being used in SOHOs and corporate networks (ie: Linksys routers) What's exciting to me is not only the fact that many of these devices can be broken into so easily, but also what can be done _after_ compromising them: stepping stone attacks. In other words: you might have web/app server properly segmented but what about all those random "not big deal" embedded devices exposed to the Internet but located in the LAN of the corporate network? Most people say: "well, you can break into my printer, what a big deal". Well, maybe being able to stop printjobs is not a big deal, but perhaps you can enable port forwarding via the web console of UPnP in order to probe internal systems - then things do get interesting. The possibilities are endless! After researching embedded devices for a while I've realized that the web interfaces and insecure built-in protocols such as UPnP (authentication-less) are the low hanging fruit for attacking such systems. I mean, you find web security bugs that reminds you of things people would find in the early 90s. Anyway, for those interested in this topic I will be giving my "Cracking into Embedded Devices and Beyond!" presentation which will demo Hollywood-style camera hacks (replacing video stream with infinite loop), and wardriving over the Internet via owned embedded devices: http://conference.hackinthebox.org/hitbsecconf2008dubai/?page_id=186 Regards, AP. On Thu, Feb 14, 2008 at 2:25 PM, Dave Aitel <dave () immunityinc com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://www.eweek.com/c/a/Printers/Multifunction-Printers-The-Forgotten-Security-Risk/1/ I found this article quite interesting since Bas just finished a penetration test where he managed to break in through a large printer that was exposed to the Internet. There are real business reasons for having your printers exposed and the risks are somewhat vague, especially to most network security staff. I like seeing some of the theoretical stuff actually happen though. :> Sinan Eren is giving a neat talk in a few days at BlackHat Federal - IO Immunity Style. It starts off with a case study of what happens when someone real goes up against a hard target and isn't doing a penetration test. After that you get to see a demo of PINK, which is an essentially undetectable-on-the-wire remote beaconing trojan he wrote. Then at the end you get to ask questions of one of the finest information security minds in the industry. I'll be at the first day of BH Federal as well, and helping with the defend the flag. So hopefully I'll see a lot of the people on this list there! - -d -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHtE9ZB8JNm+PA+iURAgjnAJ4scFakSWYK20N1II57vJEnhWIJaQCgsO6c EhMsBLYveYQYPqp3qZIiV6s= =gFxK -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
-- pagvac gnucitizen.org _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Printers Dave Aitel (Feb 14)
- Re: Printers Adrian P (Feb 14)
- Re: Printers dan (Feb 15)
- Re: Printers Adrian P (Feb 14)