[go: up one dir, main page]
Skip to main content
SpringerLink
Log in

You Overtrust Your Printer

  • Conference paper
  • First Online:
Computer Safety, Reliability, and Security (SAFECOMP 2019)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11699))

Included in the following conference series:

Abstract

Printers are common devices whose networked use is vastly unsecured, perhaps due to an enrooted assumption that their services are somewhat negligible and, as such, unworthy of protection. This article develops structured arguments and conducts technical experiments in support of a qualitative risk assessment exercise that ultimately undermines that assumption. Three attacks that can be interpreted as post-exploitation activity are found and discussed, forming what we term the Printjack family of attacks to printers. Some printers may suffer vulnerabilities that would transform them into exploitable zombies. Moreover, a large number of printers, at least on an EU basis, are found to honour unauthenticated printing requests, thus raising the risk level of an attack that sees the crooks exhaust the printing facilities of an institution. There is also a remarkable risk of data breach following an attack consisting in the malicious interception of data while in transit towards printers. Therefore, the newborn IoT era demands printers to be as secure as other devices such as laptops should be, also to facilitate compliance with the General Data Protection Regulation (EU Regulation 2016/679) and reduce the odds of its administrative fines.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Shemshadi, A., Sheng, Q.Z., Qin, Y., Sun, A., Zhang, W.E., Yao, L.: Searching for the internet of things: where it is and what it looks like. Pers. Ubiquit. Comput. 21, 1097–1112 (2017)

    Article  Google Scholar 

  2. Costantino, G., Matteucci, I.: CANDY CREAM - haCking infotAiNment anDroid sYstems to Command instRument clustEr via cAn data fraMe. In: Proceedings of the 17th IEEE International Conference on Embedded and Ubiquitous Computing EUC 2019. IEEE (2019, in press)

    Google Scholar 

  3. Union, E.: General Data Protection Regulation (EU Regulation 2016/679) (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2016:119:FULL

  4. Shodan: search engine for the Internet of Things (2019). https://www.shodan.io/

  5. Wikipedia: European states by GDP. https://en.wikipedia.org/wiki/List_of_sovereign_states_in_Europe_by_GDP_(nominal)

  6. International Organization for Standardization: Information technology - Security techniques - Information security risk management (2018). https://www.iso.org/standard/75281.html

  7. Sirbu, M.: Security concerns in a 5G era: are networks ready for massive ddos attacks? (2019). https://www.scmagazineuk.com/security-concerns-5g-era-networks-ready-massive-ddos-attacks/article/1584554

  8. Vice: How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet (2016). https://www.vice.com/en_us/article/8q8dab/15-million-connected-cameras-ddos-botnet-brian-krebs

  9. MITRE (2019). https://cve.mitre.org/

  10. MITRE: CVE-printer (2019). https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=printer

  11. MITRE: CVE-printer (2019). https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=printers

  12. NIST: CVE-2014-3741 (2014). https://nvd.nist.gov/vuln/detail/CVE-2014-3741

  13. Müller, J., Mladenov, V., Somorovsky, J., Schwenk, J.: SoK: exploiting network printers. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 213–230 (2017)

    Google Scholar 

  14. Wireshark: Wireshark project (2019). https://www.wireshark.org/

  15. Ettercap: Ettercap project (2019). https://www.ettercap-project.org/

  16. GitHub: Printer Exploitation Toolkit (2018). https://github.com/RUB-NDS/PRET

  17. Muller, J.: Printer Tool Wiki (2017). http://hacking-printers.net/wiki/index.php/Main_Page

  18. Vice: This Teen Hacked 150,000 Printers to Show How the Internet of Things Is Shit (2017). https://www.vice.com/en_us/article/nzqayz/this-teen-hacked-150000-printers-to-show-how-the-internet-of-things-is-shit

Download references

Acknowledgements

We are indebted to Gianpiero Costantino and Ilaria Matteucci for arousing innumerable inspiring discussions. This work has been partially supported by the GAUSS national research project (MIUR, PRIN 2015, Contract 2015KWREMX).

Author information

Authors and Affiliations

  1. Dipartimento di Matematica e Informatica, Università di Catania, Catania, Italy

    Giampaolo Bella & Pietro Biondi

  2. Istituto di Informatica e Telematica - Consiglio Nazionale delle Ricerche, Pisa, Italy

    Pietro Biondi

Authors
  1. Giampaolo Bella
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pietro Biondi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Giampaolo Bella or Pietro Biondi .

Editor information

Editors and Affiliations

  1. Newcastle University, Newcastle-upon-Tyne, UK

    Alexander Romanovsky

  2. Åbo Akademi University, Turku, Finland

    Elena Troubitsyna

  3. City, University of London, London, UK

    Ilir Gashi

  4. AIT Austrian Institute of Technology, Vienna, Austria

    Erwin Schoitsch

  5. Thales Deutschland GmbH, Berlin, Germany

    Friedemann Bitsch

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bella, G., Biondi, P. (2019). You Overtrust Your Printer. In: Romanovsky, A., Troubitsyna, E., Gashi, I., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2019. Lecture Notes in Computer Science(), vol 11699. Springer, Cham. https://doi.org/10.1007/978-3-030-26250-1_21

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-26250-1_21

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26249-5

  • Online ISBN: 978-3-030-26250-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation