Yesterday I read in the FAZ (Frankfurter Allgemeine Zeitung) that hackers are nowadays concentrating on hacking printers instead of workstations. To sum things up, the basic assumption is that important information will not merely remain in the digital form, but will soon or later printed. Especially in bigger companies, multi-national corporate giants, printing is done over the network.
To many hackers joy, the printers are not secured that well. Compared to workstations, servers or file-storages, the security measures aimed at keeping unauthorized access out is laughable. I did some testing with my Brother MFC 7820N Printer, which operates over the network here.
It is accessible by four access points, lays in the same subnet mask and ip-range. Pretty much easy to access, without a mac-filter or anything. A simple log-on form to control the printing activities and setup. It allows settings such as gateway, primary dns, wins-server, subnetmask et cetera. I have been reading rather a lot of articles recently at irongeek.com – one about cain and network ARP poisening. Catching a password over the network (either WLAN or LAN) is extremely easy and it merely depends on the network activities (if no-one surfs or access any sites, no secret information will be sent). Anyway the reason for typing down this text was actually only based on the fact that I wanted to upload my Network-Deployment driver for the Brother MFC 7820N with all settings and files embed (this means ip address and drivers pre-configured). If you want to build your own network-deployment driver, get the file at brother´s website at Brother.com
My network deployment kit is available here (not much usable for anyone but me I guess, still I am too lazy to Google the net for my printer driver whenever I re-install my OS or configure PCs around).
If you enjoyed this post, make sure you subscribe to my RSS feed!
h4x3d.com does not host any illegal content. Links/Files referred to are for educational purposes only.
2
June 5, 20081:29 am
June 5th, 2008 1:29 am
Plastkort
Interesting article, but what exactly are the benefits of hijacking a printer??
4
June 5, 200810:11 am
June 5th, 2008 10:11 am
jez
@Plastkort: peope do not send important files via emails. if they transfer them they use either optical media (CDs, DVDs, etc) or they simply print them, because afterall “you can simply burn a paper” (okay you can burn a cd, too, but that’s not the point. The point is that their mind set tells them that if they have it on paper, it is safe.)
now if you are to hack a printer, you can “intercept” these documents and download them. by doing so, senstive information can be accessed.
now if this is reasonable or not is a different thing, however most printers (such as our brother printer) are not secured (or if so badly), so this is the next generation of hacking.
6
June 9, 200811:34 am
June 9th, 2008 11:34 am
Au pair
@jez would printing user and password not violate security policies?
8
June 9, 200812:38 pm
June 9th, 2008 12:38 pm
jez
@Au pair: it is not really about printing usernames and passwords, but about the information that can be gained from the output that would else go into a manager’s bag and get carried home. or imagine intercepting the latest production and sales figures of competitors – the field is basically open to everything… if you were to get engaged in this kind of activity.
10
September 11, 200911:34 am
September 11th, 2009 11:34 am
Matt
While loading malicious code on a printer or sniffing packets from them is possible it’s also highly unlikely due to the various versions of firmware, protocols and overall network security in most corporations now. We’ve been installing copiers all year that have the option to send all prints over SSL, so that’s a big leap in printer security.