After giving HP time to handle the issue, Ang Cui delivers a detailed presentation

Jan 3, 2012 12:15 GMT

After giving HP around a month to patch the vulnerabilities that affected some of its LaserJet printers, Columbia University researcher Ang Cui demonstrated his proof of concept at the 28C3 Chaos Communication Congress in Berlin, Germany.

In a one-hour demonstration, Cui explained how he managed to reverse-engineer the firmware update process on some HP LaserJet printers, allowing him to take over not only the printer, but also entire local area networks (LANs) to which the printer is connected.

In his first demo, the researcher sent a maliciously crafted document to a printer, altering the system so that it made a copy of all the printed documents and posted them online to a certain IP address.

The second example proved that a printer could be compromised with a specially designed file, allowing an attacker to scan an entire LAN in search of vulnerable PCs that could be exploited.

Cui advises users to immediately update their printer’s firmware because, if cybercriminals manage to access the device first, they may program it so that it refuses other updates.

He also explained that the firmware update HP issued, which ensures that the device accepts only signed firmware, only partly solves the problem.

“Signed code doesn’t mean secure code because you’re going to go ahead and sign that compression library that has the buffer overflow in it and that’s just going to be a signed vulnerability. It’s like putting up your thumb to block the sun,” he said.

“This specific vulnerability won’t work anymore, but we could just go back to buffer overflows to own the printer.”

Finally, it’s his belief that the issues he highlighted don’t apply only to printers, but to all embedded systems. This is why hardware manufacturers should work with security solutions providers to develop some sort of anti-malware software for all embedded systems.