Explore the often overlooked security vulnerabilities of networked printers in this 45-minute conference talk from Nullcon Berlin 2024. Dive deep into the inner workings of office printers, examining their underlying Linux or proprietary real-time operating systems. Learn techniques for accessing and debugging closed, undocumented printer firmware. Examine three detailed exploit chains for various printer models, including memory corruption exploits for CANON ImageCLASS and logic bug chains for Lexmark printers, both leading to full device compromise. Gain insights into exploits submitted as part of the annual Pwn2Own competition, with a thorough breakdown of the bugs and exploitation methods. Enhance your understanding of network security, firmware exploits, and cybersecurity challenges in commonly overlooked office equipment.
Overview
Syllabus
Nullcon Berlin 2024 | Printer Hacking Adventures - Peter Geissler
Taught by
nullcon