I’m Your Printer … And I am Here to Hack You

We have seen similar attacks before, but not for a while. This one impacts Canon printer users and it affects production printers (I am guessing this means high performance printers), small office multi-function printers and laser printers. Pretty much everything.

The bug involves a vulnerability in the processing that the printer driver has to do when it receives a printer file from your computer.

If this bug is exploited, it could lead to full system compromise. Given the driver runs on your computer and not the printer itself and that it runs, likely, with elevated permissions, and now all drivers have to be signed, hence trusted, you get full system compromise.

If the printer is on a network – or more correctly, if the computer that the printer is attached to, either locally or over a network – is on a network, the network is at risk.

Microsoft Offensive Research and Security Engineering reported the bug and rates it 9.4 out of 10. That represents a pretty high risk.

Canon says updated drivers WILL BE made available. They didn’t say when and the hackers are not waiting for you to install the new driver on each and every computer.

Updating non-Microsoft drivers is more complex because there is likely no automatic updates in most environments. First you need to figure out where the vulnerable driver is located. Some users may not use a Canon printer any more but may have used one five years ago. Even these computers should be patched. From what I can tell, systems with installed but unused drivers are less at risk because the driver would need to be triggered somehow – I think.

Best practice is to UNINSTALL any printer drivers that are no longer being used and update the rest.

For this patch, you are going to have to search for it on your country-local Canon support site.

But this could be an opportunity to re-engineer your network and isolate printers. While that won’t solve this security problem, it might solve the next one. Credit: Data Breach Today

by