Link to the Paper: https://oaklandsok.github.io/papers/muller2017.pdf
Summary:
In a room full of people, which each person being representative of a cyber security threat - this paper is probably the quietest of them all but probably has the most potential in the near term to do a lot of damage to the world if not taken seriously. The paper brings attention to how printers are usually very unprotected both in terms of a network sense and in terms of a physical sense meaning that they are open to a large amount of vectors of attack. The team uses open source software on a variety of printers to steal or corrupt data in a way most people wouldn't imagine a printer could do.
What I liked:
The fact the study brings a lot of attention to a problem that most people don't think about - that printers are unprotected but carry a lot of confidential information
The paper went for common trends in attacks ie the way they described most attacks on printers were on the implemented interpreters - PostScript and PJL.
There's a lot of different attacks that are looked at in the paper - really broad offering
The creation of the Printer Exploitation Toolkit seems very novel way of creating an attack framework - I'm glad that they used something that was open source instead of propietary in this study
The paper definitely builds on a lot of prior work - as seen in the references there are like 65 other papers
What I didn't like:
Over use of arbitrary acronyms in this paper kind of made it hard to read when I had to constantly flip between pages to remember what an acronym stood for
Study was constrained by the donation of old printers. It begs the question of if these printers were representative of printers currently in use today?
The paper considers certain attacks out of scope such as of any active network attacker was controlling the communication between the end user and the printer
Again the paper kind of went out against specific brands in certain places and doesn't really touch on what the industry as a whole could do to improve
The paper I don't think focused enough on how malicious fake firmware updates could become an attack vector in the future - especially after reading the Zigbee paper
Points for Discussion:
What other unprotected high access devices are in company networks?
Would industry specific rewards incentivize more white hat hackers to traditionally neglected cyber security fields?
Why can factory resets be done over the network? Why not restrict it to physical proximity?
How and why are credentials stored on printers?
How big of an issue are printer attacks currently?
New Ideas:
Does the diversity in printer manufacturers and their implementations make it harder to find a silver bullet hack?
I think this study needs to be redone with modern printers that are coming out today and are kept supported through firmware updates
It might be interesting to classify attacks on printers by hardware and software attacks to see if there are any other common trends that could be extrapolated
Is there different levels or tiers of security across different price points - we could do a study between personal and enterprise printers
Could proprietary information be stolen from 3d printers in an industrial setting?