Security News > 2021 > November > Researchers warn of severe risks from ‘Printjack’ printer attacks
A team of Italian researchers has compiled a set of three attacks called 'Printjack,' warning users of the significant consequences of over-trusting their printer.
The first type of Printjack attack is to recruit the printer in a DDoS swarm, and threat actors can do this by exploiting a known RCE vulnerability with a publicly available PoC. The researchers use CVE-2014-3741 as an example but underline that at least a few dozen other vulnerabilities are available in the MITRE database.
In the most severe type of Printjack attacks, there's the potential to carry out "Man in the middle" attacks and eavesdrop on the printed material.
For demonstration, the researchers used Ettercap to interpose between the sender and the printer, and then Wireshark intercepted a PDF file sent for printing.
"Well beyond the technicalities of the attacks lies a clear lesson learned. Printers ought to be secured equally as other network devices such as laptops normally are," Bella and Biondi conclude in their paper.
"A few appropriate security measures can be envisaged. For example, if user access to a laptop is normally authenticated, then so should be user access to the web-server-based admin panel of a printer, which often allows, for example, printer reset, printer name change, access to list of printed file names, etc."
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-23 | CVE-2014-3741 | Command Injection vulnerability in Node-Printer Project Node-Printer 0.0.1 The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command. | 7.5 |