Your Printer is not your Printer ! - Hacking Printers at Pwn2Own
Printer has become one of the essential devices in the corporate intranet for the past few years, and its functionalities have also increased significantly. Not only print or fax, cloud printing services like AirPrint are also being supported as well to make it easier to use. Direct printing from mobile devices is now a basic requirement in the IoT era. But with such convenient functions, we also use it to print some internal documents of the company, which makes it even more important to keep the printer safe.
For most printers now, printer port or USB connection are no longer needed; with just a LAN cable connected to the intranet, computers can find and use the printer right away without installing additional drivers via SLP and LLMNR protocols. However, is it really safe when vendors adopt these protocols? Furthermore, many printers do not use traditional Linux systems, but use RTOS(Real-Time Operating System) instead, how will this affect the attacker?
In this session, the speaker will use Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as examples, showing how to analyze and gain control access to the printer. It will also be the first disclosure of the exploit used in Pwn2Own 2021 Mobile, and how to use the exploit to achieve RCE in RTOS under unauthenticated situations.