[Dailydave] Printers and Spies - My Oh My!

Vineet M. Bhatia vmbhatia at gmail.com
Sun Jan 27 23:51:41 EST 2013


It isn't news that printers and multifunction devices hold a plethora of
confidential information that is an easy target for attackers. There have
been far and wide<http://nakedsecurity.sophos.com/2012/01/05/hp-patches-printer-firmware-flaw/>
complaints of vulnerable firmware across a magnitude of devices. That hasn't
changed much for printer manufacturers who insist on packing more and more
functionality into their devices. I was contemplating buying a new
dot-matrix printer connected to my parallel port, when this happened:
researchers have been able to use acoustic side channel attacks to recover
the contents of a medical prescription printed by a doctor. The same attack
was used to recover data from PIN mailers printed by a bank on a secure
form. Having said this, even dot-matrix printers are not
secure<http://www.infsec.cs.uni-saarland.de/projects/printer-acoustic/>.

Then, there is this "news
piece<http://www.youtube.com/watch?v=okhfDsKmAoY&feature=youtu.be>"
from the Netherlands. Talks about the e-print functionality in default
installations of HP printers. They might be sensationalist news items, but
the claims of corporate espionage and individual privacy are not
far-fetched. While you are reeling from the sheer insecurities of these
"traditional home appliances", another news piece comes out and says, you
can access over 85,000 printers publicly indexed
<https://www.google.com/#hl=en&tbo=d&output=search&sclient=psy-ab&q=inurl:hp%2Fdevice%2Fthis.LCDispatcher%3Fnav%3Dhp.Print>
on Google.

Unless you haven't already seen *Sebastián
Guerrero’s<https://viaforensics.com/security/exploiting-printers-via-jetdirect-vulns.html>*
post, JetDirect is also broken.

Feel free to enjoy your preferred brand of a caffeine drink while you watch
this expose news item and come up with an idea to do all of this on a cool
3d printer.