[Dshield] Known instances of malware using printers as an attack vector?

Sid sfaber at cmu.edu
Wed Feb 28 11:53:22 GMT 2007

Take a look at "Penetration Analysis of a XEROX Docucenter DC 230ST:
Assessing the Security of a Multi-purpose Office Machine" (Thomas E. Daniels, et. al., CERIAS T.R. No. 99-09)  http://csrc.nist.gov/nissc/2000/proceedings/papers/034.pdf  It's a bit dated, but a good comprehensive work on the functionality of printers and the like.

HP JetDirects were susceptible to SNMP vulnerabilities when scanning with Protos (http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/), that was back in 2002 so I'd hope it's been fixed by now.

With printers, I'd suggest not only considering the traditional denial-of-service and take control exploits, but also consider the impact of confidentiality.  Can docs printed ever be cached and later retrieved from the device?  Another important feature is logging--I know of a company that used to log all printer activity, and found it to be a very rich data source for forensics.

ed.truitt at etee2k.net wrote:
> I have been asked to look into whether our network printers present a  
> level of risk to the network that is higher than has been the case in  
> previous years.  In order to answer that question, I was wondering if  
> anyone has solid evidence of the following:
> * Malware (of whatever type) that actually attacks printers, or uses a  
> vulnerability found on a network printer to propogate
> * An increase in vendor disclosures of vulnerabilities in their  
> printing products, and specifically an increase in the number of  
> security fixes (patches) issued for printer-related vulnerabilities
> TIA for any assistance you can provide.
> ~Ed T.
> _________________________________________
> SANS 2007 March 29 - April 6 in San Diego, CA offers 52 Courses
> taught by our top rated instructors plus a huge vendor tools expo.
> Register Today! http://www.sans.org/info/2501 (BROCHURECODE: ISC)

More information about the list mailing list