TL;DR: In the scope of academic research on printer security, various vulnerabilities in network printers and MFPs have been discovered. This is advisory 1 of 6 of the `Hacking Printers' series. Each advisory discusses multiple issues of the same category. This post is about manipulating and obtaining documents printed by other users, which can be accomplished by infecting the printer with PostScript malware. This vulnerability has presumably been present in *every PostScript printer* since 32 years as solely legitimate PostScript language constructs are abused. The attack can be performed by anyone who can print, for example through USB or network. It can even be carried out by a malicious website, using advanced cross-site printing techniques in combination with a novel technique we call `CORS spoofing' (see `Cross-Site Printing and CORS Spoofing' section). ==============[ Print Job Manipulation and Disclosure ]===============
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment