A research paper from a team of academics reports on serious flaws in a number of printers that could allow remote attackers to gain access and siphon out documents, according to a report on ZDNet.
Internet-connected printers from a number of manufacturers – including Dell, HP, Lexmark, Brother and Samsung – were shown to contain security vulnerabilities that could enable remote attackers to steal passwords, gain control of the printers, as well as lift printed documents stored in the device’s memory.
The paper, authored by Jens Müller, Vladislav Mladenov and Juraj Somorovsky of Ruhr-University Bochum in Germany, described six security flaws that could enable attackers to tether to a printer and usurp control of any of three common printer languages, such as PostScript and PJL. Although previously detected, the flaws remain unpatched.
The team worked for a year to develop a Python toolkit they named Printer Exploitation Toolkit (or “PRET”), which can help pentesters locate vulnerable devices. The toolkit simply seeks a valid target, such as an IP address of a vulnerable printer, the report stated.
The flaws could allow a remote attacker to search a printer’s memory for a company’s proprietary information, such as contracts or patient health data. Additionally, because of the unpatched bugs, attackers could also read a target printer’s network credentials, which could grant access to the company’s entire network, the team said.
All of the manufacturers of affected devices were notified in October, but the report claimed that only Dell responded – albeit the researchers said the company did not follow up.
The team’s research will be presented in May at a security conference produced by Ruhr University.