Using a public printer to "print" is the least evil thing you can do. Read this weeks research on printer security:
http://hacking-printers.net/https://github.com/RUB-NDS/PRE...
Whenever you can print a document on a printer (for example, using port 9100 or cross-site-printing from a malicious website) you can do much worse stuff like:
- Capture print jobs (all PostScript printers since 32 years are vulnerable!)
- Access the file system (most PostScript printers allow this, some PJL devices do)
- Dump the printer's NVRAM or memory ("feature" of all Brother laser printers and some Xerox devices)
- Obtain credentials for Scan-to-Mail, Active Directory etc. stored on the device (Brother, OKI, some HPs,...)
- Install new firmware on the device (modification however is difficult as many vendors use code-signing)
- Destroy the printer's NVRAM using legitimate PJL commands (various HP, Brother, Lexmark, Dell, Konica Minolta,...)
Slashdot Mirror
Using a public printer to "print" is the least evil thing you can do. Read this weeks research on printer security: http://hacking-printers.net/ https://github.com/RUB-NDS/PRE... Whenever you can print a document on a printer (for example, using port 9100 or cross-site-printing from a malicious website) you can do much worse stuff like: - Capture print jobs (all PostScript printers since 32 years are vulnerable!) - Access the file system (most PostScript printers allow this, some PJL devices do) - Dump the printer's NVRAM or memory ("feature" of all Brother laser printers and some Xerox devices) - Obtain credentials for Scan-to-Mail, Active Directory etc. stored on the device (Brother, OKI, some HPs, ...)
- Install new firmware on the device (modification however is difficult as many vendors use code-signing)
- Destroy the printer's NVRAM using legitimate PJL commands (various HP, Brother, Lexmark, Dell, Konica Minolta, ...)