[Dailydave] Printers
Adrian P
unknown.pentester at gmail.com
Thu Feb 14 11:16:47 EST 2008
Well, to me, embedded devices are the overlooked backdoor to corporate
networks. There is not enough attention being paid to "miscellaneous"
embedded devices such as IP phones, cameras, printers, etc.
Also let's not forget that what makes a "consumer grade" router is
becoming very blurry these days as home-type routers are being used in
SOHOs and corporate networks (i.e., Linksys routers).
What's exciting to me is not only the fact that many of these devices
can be broken into so easily, but also what can be done _after_
compromising them: stepping stone attacks. In other words: you might
have web/app server properly segmented but what about all those random
"not big deal" embedded devices exposed to the Internet but located in
the LAN of the corporate network? Most people say: "well, you can
break into my printer, what a big deal". Well, maybe being able to
stop print jobs is not a big deal, but perhaps you can enable port
forwarding via the web console of UPnP in order to probe internal
systems - then things do get interesting. The possibilities are
endless!
After researching embedded devices for a while I've realized that the
web interfaces and insecure built-in protocols such as UPnP
(authentication-less) are the low hanging fruit for attacking such
systems. I mean, you find web security bugs that remind you of things
people would find in the early 90s.
Anyway, for those interested in this topic I will be giving my
"Cracking into Embedded Devices and Beyond!" presentation which will
demo Hollywood-style camera hacks (replacing video stream with
infinite loop), and wardriving over the Internet via owned embedded
devices: http://conference.hackinthebox.org/hitbsecconf2008dubai/?page_id=186
Regards,
AP.
On Thu, Feb 14, 2008 at 2:25 PM, Dave Aitel <dave at immunityinc.com> wrote:
> http://www.eweek.com/c/a/Printers/Multifunction-Printers-The-Forgotten-Security-Risk/1/
>
> I found this article quite interesting since Bas just finished a
> penetration test where he managed to break in through a large printer
> that was exposed to the Internet. There are real business reasons for
> having your printers exposed and the risks are somewhat vague,
> especially to most network security staff. I like seeing some of the
> theoretical stuff actually happen though. :>
>
> Sinan Eren is giving a neat talk in a few days at BlackHat Federal -
> IO Immunity Style. It starts off with a case study of what happens
> when someone real goes up against a hard target and isn't doing a
> penetration test. After that you get to see a demo of PINK, which is
> an essentially undetectable-on-the-wire remote beaconing trojan he
> wrote. Then at the end you get to ask questions of one of the finest
> information security minds in the industry.
>
> I'll be at the first day of BH Federal as well, and helping with the
> defend the flag. So hopefully I'll see a lot of the people on this
> list there!
>
> - -d
--
pagvac
gnucitizen.org