[Dshield] Known instances of malware using printers as an attack vector?
sfaber at cmu.edu
Wed Feb 28 11:53:22 GMT 2007
Take a look at "Penetration Analysis of a XEROX Docucenter DC 230ST: Assessing the Security of a Multi-purpose Office Machine" (Thomas E. Daniels, et al., CERIAS T.R. No. 99-09): http://csrc.nist.gov/nissc/2000/proceedings/papers/034.pdf
It's a bit dated, but a good comprehensive work on the functionality of printers and the like.
HP JetDirects were susceptible to SNMP vulnerabilities when scanning with Protos (http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/); that was back in 2002, so I'd hope it's been fixed by now.
With printers, I'd suggest not only considering the traditional denial-of-service and take-control exploits, but also considering the impact of confidentiality. Can docs printed ever be cached and later retrieved from the device? Another important feature is logging--I know of a company that used to log all printer activity, and found it to be a very rich data source for forensics.
ed.truitt at etee2k.net wrote:
> I have been asked to look into whether our network printers present a
> level of risk to the network that is higher than has been the case in
> previous years. In order to answer that question, I was wondering if
> anyone has solid evidence of the following:
> * Malware (of whatever type) that actually attacks printers, or uses a
> vulnerability found on a network printer to propagate
> * An increase in vendor disclosures of vulnerabilities in their
> printing products, and specifically an increase in the number of
> security fixes (patches) issued for printer-related vulnerabilities
> TIA for any assistance you can provide.
> ~Ed T.