tim.vangehugten Posted June 3, 2008 Share Posted June 3, 2008 This might be helpfull and a warning to all network printers... Beware: Your Network Printer Can Be Hacked By David Strom 2008-06-02 The Strominator doesn't want you to live in fear, but this security hacking issue could wreak havoc in your network. I am not sure I should be telling you this, but your network is a sitting duck for a break-in that is both so elegant and potentially dangerous. All you need is your Web browser and some basic knowledge, and while I put a few things together in this column, it didn’t take me more than a few minutes of research to do it. This exploit can easily pass through your firewalls. It can get around your most sophisticated intrusion prevention systems, and once someone is inside your network, they can operate in full view of everyone, avoiding the scrutiny of even the savviest network administrator. How so, you might ask? Go to Google and type (or copy and paste) in the following text in the search field, and you’ll see an example of what I am talking about: inurl:hp/device/this.LCDispatcher What is going on here? Simple. Your print servers (among other devices that are connected to your network) have built-in Web and other server that can be used to launch an attack on your network. Many of these print servers have been long forgotten about by anyone in IT. They operate from a position of trust inside your network. They have to; Otherwise, no one would get anything printed out. And if you click on any of the retrieved pages in our search above, you will be transported instantly to print servers that are sitting ducks for hackers to take over. I managed to connect to ones in China and Germany, and saw that some needed toner or paper, for example. Yes, it will take a bit more work to install some rogue application, and yes, just Googling them isn’t really an exploit. But you should have felt a chill up your back as I did when I first started thinking about this situation. And print servers aren’t the only sitting ducks, just the easiest to explain. How many other IP-connected devices are running on your network that have been long since installed and forgotten about? Web cameras? Industrial equipment? Fax servers? Scanners? These last two could be even more trouble because they come with phone lines to the outside world that a hacker could use for further exploits. As the number of these networked devices increases, the situation is only going to get worse. So what can you do to stop these sorts of attacks? First off, take the time to locate all these forgotten servers. Do a regular scan of what active IPs are out on your network, and see if you can associate all of them with known users. Start doing the research on the unrecognized IP addresses. Second, scan for traffic on port 9100. This is often the port used by print servers, and it is an easy way to track down the servers that you have forgotten. Finally, take some time to read through this documentation from HP (if you have HP servers) or something similar from your vendor: http://h20000.www2.hp.com/bizsupport/TechS....jsp?objectID=b pj05999 Do you have additional comments on this? I would love to hear from you. Please post your suggestions, and I will share them. source: http://www.baselinemag.com/c/a/Security/Be...-Can-Be-Hacked/ Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 3, 2008 Share Posted June 3, 2008 Who is silly enough to allow there printer to have a Internet IP address? Quote Link to comment Share on other sites More sharing options...
digip Posted June 3, 2008 Share Posted June 3, 2008 Who is silly enough to allow there printer to have a Internet IP address? Most corporate printers have their own nic and ip address but some (like the HP printers) have complete login capabilities similar to a router. It's just a matter of scanning a network for the devices and trying to login to them. Saw this article about a month ago: http://isc.sans.org/diary.html?storyid=4453 One thing to note, some of these routers have failover dial up capabilities, and from what I have seen at work, you get blocked when tyring to telnet or http in, but when dialed into with a modem over normal phone lines, they often just put you directly into a command prompt. Not only are Cisco routers and HP Printers vulnerable, but ATM machines are often not configured properly, so it's just a matter of finding the machines phone number, and it not being secured properly, which happens more often than you would think. Quote Link to comment Share on other sites More sharing options...
Razor512 Posted June 4, 2008 Share Posted June 4, 2008 pretty bad security flaw someone could use superpi and generate pi to 32 million places then print it out over night over and over Quote Link to comment Share on other sites More sharing options...
digip Posted June 4, 2008 Share Posted June 4, 2008 pretty bad security flaw someone could use superpi and generate pi to 32 million places then print it out over night over and over Or bounce through a trusted service to steal information from a company. Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 4, 2008 Share Posted June 4, 2008 Not only can a printer be an attack vector on to a network (if you are thick enough to let it have a Internet IP address). If someone is able to upload their own firmware, there is no reason they couldn't have the printer email them every document it prints. How much useful information comes out of your printer every week? Quote Link to comment Share on other sites More sharing options...
webjockey Posted June 4, 2008 Share Posted June 4, 2008 How much useful information comes out of your printer every week? None Some security cameras have this feature of an internet IP address. There is even one for a camera overlooking an airport in germany. And also, theres one in Perth, Australia which you can actually control from the WebUI (Pan Left/Right Up/Down, Zoom in/out). Quote Link to comment Share on other sites More sharing options...
Razor512 Posted June 4, 2008 Share Posted June 4, 2008 None Some security cameras have this feature of an internet IP address. There is even one for a camera overlooking an airport in germany. And also, theres one in Perth, Australia which you can actually control from the WebUI (Pan Left/Right Up/Down, Zoom in/out). yep there hundreds of them, there fun to look at when your bored :) http://69.229.56.161/top/liveapplet.html and if you google around, you will find many in peoples houses that you can control, you will mainly just see people eating or watching tv so it's pretty boring Quote Link to comment Share on other sites More sharing options...
beakmyn Posted June 4, 2008 Share Posted June 4, 2008 http://www.irongeek.com/i.php?page=securit...kprinterhacking Yep, nothing new but can be fun, just like some people I know who like to print to random wireless printers they find Quote Link to comment Share on other sites More sharing options...
K1u Posted June 5, 2008 Share Posted June 5, 2008 Haha... this reminded of http://www.crn.com.au/News/32515,sophos-di...ting-virus.aspx Quote Link to comment Share on other sites More sharing options...
Razor512 Posted June 6, 2008 Share Posted June 6, 2008 if the printer has enough memory, you can download the pi file used to break a record by getting pie to almost 5 billion decimal places (imagine printing that out ) i wonder if there will ever be a fix for this security flaw Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 6, 2008 Share Posted June 6, 2008 i wonder if there will ever be a fix for this security flaw You might have already herd of it, it's a strange word, so I'll brake it up in to smaller pieces. fire (as in burning) wall (as in garden). Quote Link to comment Share on other sites More sharing options...
metatron Posted June 6, 2008 Share Posted June 6, 2008 if the printer has enough memory, you can download the pi file used to break a record by getting pie to almost 5 billion decimal places (imagine printing that out ) i wonder if there will ever be a fix for this security flaw It was never a security flaw, its a feature. The issue is that the world is filled to many Windows admin that have no idea about securing network equipment. The only thing they are certified in, is as about as useful as a second ass hole. This "flaw" if you will is very, very, very, very....old. Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 6, 2008 Share Posted June 6, 2008 It was never a security flaw, its a feature. The issue is that the world is filled to many Windows admin that have no idea about securing network equipment. The only thing they are certified in, is as about as useful as a second ass hole. This "flaw" if you will is very, very, very, very....old. I'll add that to the list of reasons MSCE's are worthless. Quote Link to comment Share on other sites More sharing options...
MRGRIM Posted June 6, 2008 Share Posted June 6, 2008 Hummmm MCSE is not a Cisco certification so securing your network is not the same as hardening a server now is it? :P Again - why would you give you printers access to the web? I can't find a single reason? Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 6, 2008 Share Posted June 6, 2008 Hummmm MCSE is not a Cisco certification so securing your network is not the same as hardening a server now is it? :P Again - why would you give you printers access to the web? I can't find a single reason? Who is silly enough to allow there printer to have a Internet IP address? A guy with a MSCE doesn't nessaserily know to look for it, they will just plug it in reguardless. Quote Link to comment Share on other sites More sharing options...
MRGRIM Posted June 6, 2008 Share Posted June 6, 2008 Well exactly that's kind of my point... I'm working toward my MCSE, but I don't claim for a second to know much about networking, I mean ok I've got the basics and can trouble shoot, but thats what we have Network Admins for? I am a big beliver about having specalists do what they are good at... I wouldn't hire a MCSE to monitor my linux network or network security ;) but then again I've "blagged" my skills at an invterview so there might be some validity to your claims :D Quote Link to comment Share on other sites More sharing options...
metatron Posted June 6, 2008 Share Posted June 6, 2008 Well exactly that's kind of my point... I'm working toward my MCSE, but I don't claim for a second to know much about networking, I mean ok I've got the basics and can trouble shoot, but thats what we have Network Admins for? I am a big beliver about having specalists do what they are good at... I wouldn't hire a MCSE to monitor my linux network or network security ;) but then again I've "blagged" my skills at an invterview so there might be some validity to your claims :D Anything other than a large company tend to have a small IT team. On average I've noticed you get around 3 people to every 3 to 4 hundred computers. They tend to hire people with MCSE's and expect them to know enough to handle all their network needs, after all management think it's just an Windows network, they don't think about other things. The reason you have a printer which can be remotely accessed is to make it easier to deploy to remote/small offices and other buildings where you would maybe not want to have to pay/spend time sending your IT staff to. Quote Link to comment Share on other sites More sharing options...
manuel Posted June 6, 2008 Share Posted June 6, 2008 The point I think that needs to be addressed, is regardless if you are MSCE, CISCO, or other certification, if you are adding devices to a network of any sort, you had better be looking at the bigger picture of overall security. Hell I'm only officially A+ Certified, but overall security of network devices is a concern for me. As Metatron stated, who in the hell would put a printer on a public IP address without securing it better? I know I wouldn't regardless of who wanted to print from out of the office. that's my 2 cents worth -Manuel Quote Link to comment Share on other sites More sharing options...
Justin Ewing Posted June 6, 2008 Share Posted June 6, 2008 Networked printers listen on a permanently open port (port 9100) and without authentication. Printers are fundamentally insecure, a factor that makes possible attacks far from difficult. Quote Link to comment Share on other sites More sharing options...
webjockey Posted June 7, 2008 Share Posted June 7, 2008 Thats another thing I can use against printers, they are my mortal enemy, they never work when I want them to. Quote Link to comment Share on other sites More sharing options...
Razor512 Posted June 8, 2008 Share Posted June 8, 2008 Thats another thing I can use against printers, they are my mortal enemy, they never work when I want them to. depends on the printer:) whats really weird is that when searching google, i saw some extremely expensive printers open to this flaw, someone could kill like $300 worth of ink in one night if they print out a a few thousand page long color sheet showing using the full CMYK just hope ad companies don't start exploiting this, it will be even worst than the cellphone telemarketing calls i had one of those before i could register for the do not call list (just wish the government could do a do not spam list that will target spammers who fill peoples junk mail folders, using the full force of the military to track them down and test out if a spammer and a few thousand bullets can occupy the same space :). war on spammers is a much more noble cause than war on Iraq, and best of all, there will be far less casualties since our military is sure to have more firepower than the spammers. If it is successful in the US then with luck, other countries will join in and with the combine force of every army on the planet, junk email will be almost nonexistent) Quote Link to comment Share on other sites More sharing options...
Sparda Posted June 8, 2008 Share Posted June 8, 2008 just hope ad companies don't start exploiting this, it will be even worst than the cellphone telemarketing calls i had one of those before i could register for the do not call list Windows messenger but far far worse? Quote Link to comment Share on other sites More sharing options...
proskater123 Posted June 16, 2008 Share Posted June 16, 2008 Someone mentioned email alerts? well they already have them built in http://128.61.51.24/hp/device/this.LCDispa...=hp.EmailServer Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.