Difference between revisions of "Code execution"
From Hacking Printers
Line 1: | Line 1: | ||
+ | Any computer system may be prone to malicious code execution. Printers are no exception. While there are numerous potential attack vectors, two standard ways of importing foreign code are present in most of today's printers and MFPs by design: the ability to perform firmware updates and to install additional software packages. Furthermote, a short introduction to the danger of buffer overflows in embedded devices is given. | ||
+ | |||
''Currently, the following techniques to achieve code execution are discussed in this wiki:'' | ''Currently, the following techniques to achieve code execution are discussed in this wiki:'' | ||
Latest revision as of 18:22, 15 January 2017
Any computer system may be prone to malicious code execution. Printers are no exception. While there are numerous potential attack vectors, two standard ways of importing foreign code are present in most of today's printers and MFPs by design: the ability to perform firmware updates and to install additional software packages. Furthermote, a short introduction to the danger of buffer overflows in embedded devices is given.
Currently, the following techniques to achieve code execution are discussed in this wiki:
- Buffer overflows – Smashing the stack based on unsanitized LPD and PJL input
- Firmware updates – Deploying malicious firmware through ordinary print jobs
- Software packages – Installing custom software on MFPs and printer devices