Top

Published in:

2019 | OriginalPaper | Chapter

You Overtrust Your Printer

Authors : Giampaolo Bella, Pietro Biondi

Published in: Computer Safety, Reliability, and Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Printers are common devices whose networked use is vastly unsecured, perhaps due to an enrooted assumption that their services are somewhat negligible and, as such, unworthy of protection. This article develops structured arguments and conducts technical experiments in support of a qualitative risk assessment exercise that ultimately undermines that assumption. Three attacks that can be interpreted as post-exploitation activity are found and discussed, forming what we term the Printjack family of attacks to printers. Some printers may suffer vulnerabilities that would transform them into exploitable zombies. Moreover, a large number of printers, at least on an EU basis, are found to honour unauthenticated printing requests, thus raising the risk level of an attack that sees the crooks exhaust the printing facilities of an institution. There is also a remarkable risk of data breach following an attack consisting in the malicious interception of data while in transit towards printers. Therefore, the newborn IoT era demands printers to be as secure as other devices such as laptops should be, also to facilitate compliance with the General Data Protection Regulation (EU Regulation 2016/679) and reduce the odds of its administrative fines.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Analysis of Security Overhead in Broadcast V2V Communications

next chapter Three Reasons Why: Framing the Challenges of Assuring AI

Shemshadi, A., Sheng, Q.Z., Qin, Y., Sun, A., Zhang, W.E., Yao, L.: Searching for the internet of things: where it is and what it looks like. Pers. Ubiquit. Comput. 21, 1097–1112 (2017)CrossRef

Costantino, G., Matteucci, I.: CANDY CREAM - haCking infotAiNment anDroid sYstems to Command instRument clustEr via cAn data fraMe. In: Proceedings of the 17th IEEE International Conference on Embedded and Ubiquitous Computing EUC 2019. IEEE (2019, in press)

Union, E.: General Data Protection Regulation (EU Regulation 2016/679) (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL

Shodan: search engine for the Internet of Things (2019). https://www.shodan.io/

Wikipedia: European states by GDP. https://en.wikipedia.org/wiki/List_of_sovereign_states_in_Europe_by_GDP_(nominal)

International Organization for Standardization: Information technology - Security techniques - Information security risk management (2018). https://www.iso.org/standard/75281.html

Sirbu, M.: Security concerns in a 5G era: are networks ready for massive ddos attacks? (2019). https://www.scmagazineuk.com/security-concerns-5g-era-networks-ready-massive-ddos-attacks/article/1584554

Vice: How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet (2016). https://www.vice.com/en_us/article/8q8dab/15-million-connected-cameras-ddos-botnet-brian-krebs

MITRE (2019). https://cve.mitre.org/

10.

MITRE: CVE-printer (2019). https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=printer

11.

MITRE: CVE-printer (2019). https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=printers

12.

NIST: CVE-2014-3741 (2014). https://nvd.nist.gov/vuln/detail/CVE-2014-3741

13.

Müller, J., Mladenov, V., Somorovsky, J., Schwenk, J.: SoK: exploiting network printers. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 213–230 (2017)

14.

Wireshark: Wireshark project (2019). https://www.wireshark.org/

15.

Ettercap: Ettercap project (2019). https://www.ettercap-project.org/

16.

GitHub: Printer Exploitation Toolkit (2018). https://github.com/RUB-NDS/PRET

17.

Muller, J.: Printer Tool Wiki (2017). http://hacking-printers.net/wiki/index.php/Main_Page

18.

Vice: This Teen Hacked 150,000 Printers to Show How the Internet of Things Is Shit (2017). https://www.vice.com/en_us/article/nzqayz/this-teen-hacked-150000-printers-to-show-how-the-internet-of-things-is-shit

Title: You Overtrust Your Printer
Authors: Giampaolo Bella
Pietro Biondi
Publisher: Springer International Publishing
Book: Computer Safety, Reliability, and Security
Print ISBN: 978-3-030-26249-5

Electronic ISBN: 978-3-030-26250-1

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-26250-1_21

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner