Attack Vectors for Printing Devices Part 1

Time
2 hours 52 minutes
Difficulty
Intermediate
Video Transcription
00:00
Welcome back to Printing Security Intermediate Course. In this video and this module, I'm going to talk about ways that printers are being attacked and how you can defend from it.
00:12
And in this particular lesson, I'm going to talk about what are the security threats associated with printing devices and what are the attack vectors.
00:23
So the first one is identity spoofing,
00:27
and, ah, this is possible because MFPs can be used to send email. So
00:34
when you send an email from the device, you put the paper in the scanner and then the device scans it
00:43
and you get this screen or something like this in which you have the From, so basically who is sending, and then you choose the recipient list. You can put the normal subject, and then you can
00:58
name the file name, because it's being scanned with the generic file name,
01:03
or you can just leave it without any
01:10
anything. You can just leave the subject empty.
01:12
Now, if you are administering that printer, for example, you can choose that From cannot be changed, so that every device is getting a generic From email address.
01:26
Or
01:27
you can choose to, uh, make sure that
01:33
a user who is using the printer or MFP is authenticating on it in several different ways. It can be, for example, the standard Windows user name and password.
01:46
Or, if you have, ah, connected some software and card reader for authentication, they can use the digital badge that they're using to enter the building
01:56
to authenticate on the device, in which case their original email address is populated in the From field, and they cannot change it. Why is this important? Because
02:10
somebody can scan some documents and change the mail From address so nobody knows who sent it, or they can use just the generic email address. So some confidential documents get scanned, they get sent outside,
02:24
and unless somebody's tracking that, nobody knows that the confidential information has leaked outside the company. Also, they can use this to send a threatening mail to a government official, which is a crime by itself, and the company can be held liable. Of course, depending on the country in which you live,
02:43
the company can be held liable, legally responsible for this act, so you have to make sure that doesn't happen.
02:53
Um,
02:54
so uh,
02:59
this is pretty much everything that is about identity spoofing on an MFP device. Also connected to this is leaking information. So, um,
03:09
when we talk about these things,
03:13
somebody can read print files and documents stored on the hard drive of the printer or MFP.
03:19
These things
03:21
can happen if somebody can physically access that hard drive, or they can use some kind of software to do it remotely. So you have to make sure that not everybody can access that device.
03:34
They can also read locally stored address books in order to get information for, for example, a potential phishing attack.
03:43
And then you can also intercept print jobs, faxes and mail scans. And in that case, you can get a hold of some information that you are not supposed to see or get in possession of.
03:59
The next thing that can be done with printing devices is denial of service.
04:04
So, basically, if you enable cancel or the cancel print job on the device, somebody can stand at that device. If it's a shared device, for example, if it's a hallway printer, somebody prints something, they can cancel in the middle of it, forcing that person to print it at some other time.
04:23
Or they can just cancel the print job of other people entirely.
04:28
This is not a big security concern, but it can generate additional costs when people have to reprint jobs several times.
04:36
Also, you can turn off the MFP remotely, in which case somebody has to, physically... it's usually a service call, which costs money. So somebody has to go to the device and switch it on.
04:49
You can disconnect it from the network. So you can, for example, change its IP address to something else, again generating a service technician call. And usually somebody has to go there
05:04
and physically set it up again. Why? Because if you change the IP address to something outside the current corporate
05:14
address range, then this device, first of all, nobody knows which address you have changed it to, and second, it's no longer visible on the corporate network, company network.
05:27
Of course, the same thing is, ah, the network location of the MFP.
05:35
Ah, you can cause an error state that interrupts service, which also generates a service call, and you can change your access configuration, basically forcing people to do some kind of factory reset on the device.
05:51
So these all,
05:54
these fall into the category of pranks, not so much security concerns, but if they are done repeatedly, they can generate quite a lot of cost in terms of people actually going out in the field, especially if you have outsourced the
06:12
maintenance and repair of these devices.
06:15
So, um,
06:16
let's, uh, just do a short learning check at the end of this lesson. So what can somebody do to perform identity spoofing?
06:28
They can change field To, they can change field From, or they can change field Subject. And the answer, of course, is
06:40
they need to change field From,
06:42
because in this case, it's simply
06:47
what identity spoofing is,
06:50
and also
06:53
one of the things that can be done on any printing device is elevation of privilege. So, for example, devices usually have some kind of color restrict mode in which not everybody can print in color or not every application can print in color.
07:13
And if you change these things, then you can again generate additional cost, because color printing is much more expensive than black and white printing, even on color devices.
07:24
Um,
07:25
so also, you can get administrator privilege for non, uh, administrators, in which case this device can be accessed and used maliciously. And, uh,
07:38
you can bypass job accounting through management software, so you can then print without anybody knowing that you're the one that was printing,
07:46
and, as I mentioned, providing access for unauthorized users for color, things like that.
07:54
In the end, we have tampering with device or OS.
07:58
So what you can do, if you're really smart and you know how the device works and how to write a BIOS upgrade for the device:
08:05
You can break the device with tampered BIOS, and this is a really, really big problem.
08:13
Or you can replace the firmware of the device completely,
08:16
or you can add unauthorized apps or plugins to the device. These plugins can be serious security threats. For example, they can be some kind of mini server or web server, which can allow you to use it as a back door to the network.
08:35
Or you can
08:37
simply install some malicious software on the device, like a mail sniffer or network sniffer, like I mentioned before, or you can even use that device to deploy some kind of malware like viruses or Trojans or ransomware to other devices, PCs on the network.
08:56
This all can be done if you know how to write a BIOS upgrade or firmware upgrade of the device.
09:01
So this is pretty much all about
09:05
the attack vectors on the printing devices.
09:09
In this part of this lesson,
09:15
in this lesson you have learned about some of the attack vectors on printing devices, and in the next lesson I'm going to continue with the story and talk about more attack vectors for printing devices.