Your Printer is not your Printer ! - Hacking Printers at Pwn2Own

中文In-PersonPrinterVulnerability AnalysisCyberwar

Printer has become one of the essential devices in the corporate intranet for the past few years, and its functionalities have also increased significantly. Not only print or fax, cloud printing services like AirPrint are also being supported as well to make it easier to use. Direct printing from mobile devices is now a basic requirement in the IoT era. But with such convenient functions, we also use it to print some internal documents of the company, which makes it even more important to keep the printer safe.

For most printers now, printer port or USB connection are no longer needed; with just a LAN cable connected to the intranet, computers can find and use the printer right away without installing additional drivers via SLP and LLMNR protocols. However, is it really safe when vendors adopt these protocols? Furthermore, many printers do not use traditional Linux systems, but use RTOS(Real-Time Operating System) instead, how will this affect the attacker?

In this session, the speaker will use Canon ImageCLASS MF644Cdw and HP Color LaserJet Pro MFP M283fdw as examples, showing how to analyze and gain control access to the printer. It will also be the first disclosure of the exploit used in Pwn2Own 2021 Mobile, and how to use the exploit to achieve RCE in RTOS under unauthenticated situations.

angelboy

angelboy

Angelboy is a member of DEVCORE and CHROOT from Taiwan . He is researching vulnerability research. He participated in a lot of CTF, such as HITB、DEFCON、Boston key party, won 2nd in DEFCON CTF 25,27 and won 1st in Boston key party 2016, 2017 with HITCON CTF Team. He is also a speaker at conferences such as HITCON, VXCON, AVTokyo, HITB GSEC. Twitter: @scwuaptx

English interpretations will be provided for all sessions not presented in English.

Agenda Table

Use event local timezone
TimeZone

00:30

  • Attendant Registration Time

01:20

  • Welcome Speech & Event Introduce

02:10

03:00

  • Break

03:15

04:05

  • Lunch

05:00

05:45

  • Break

06:00

06:45

  • Tea Time

07:00

07:25

08:10

  • Break

08:25

09:10

  • Closing

09:25