Overview
Explore a comprehensive analysis of network printer vulnerabilities and exploitation techniques in this 20-minute IEEE conference talk. Delve into the methodology for conducting security analyses on printers and learn about the open-source Printer Exploitation Toolkit (PRET). Discover the results of evaluating 20 printer models from various vendors, revealing common vulnerabilities such as Denial-of-Service attacks and print job extraction. Gain insights into advanced cross-site printing techniques and printer CORS spoofing that enable attacks from the Internet. Examine the application of these attacks to systems beyond typical printers, including Google Cloud Print and document processing websites.
Syllabus
Intro
Why printers?
How to print?
Overview
Attacker model: Physical access
Attacker model: Web attacker
Denial of service
Protection bypass
Print job manipulation
Evaluation results
Printer Exploitation Toolkit (PRET)
PostScript in the web?
Conclusions
Taught by
IEEE Symposium on Security and Privacy