hashdays 2011: Andrei Costin - Hacking Printers: 10 years of public research and lessons learned
- 1,521 views
While more and more new devices (routers, smartphones, etc.) are getting connected to our SOHO/enterprise environments, all-colour hats are getting plenty of focus on their security: defend and harden ...
While more and more new devices (routers, smartphones, etc.) are getting connected to our SOHO/enterprise environments, all-colour hats are getting plenty of focus on their security: defend and harden on one side; exploit and develop malware on the other.
However, a special class of network devices (specifically network printers/scanners/MFPs), which are networked for more than 15 years, are constantly out of the modern security watchful eye and we don’t realize closely how weak and unsecured they are, despite the amount of private information they process and despite the boom of research in the last year combined with security bulletins popping-up here & there.
In this presentation, first we will outline major milestones in the 10 years public research & 1.5 years of personal research. Then, we will cover most important attack vectors, backed up by demos and source analysis. Then we will proceed with lessons learned both from the industry itself and from the security research, backed up by possible solutions and what can be done to protect ourselves as well as our network environments. And finally the plan is to give the audience a sneak preview about what's on for current & future research.
Bio: Born and grown-up in Moldova, Andrei is a Computer Science graduate of the Politechnic University of Bucharest where he did his thesis work in Biometrics and Image Processing. He is the author of the MiFare Classic Universal toolKit (MFCUK), the first publically available (FOSS) card-only key cracking tool for the MiFare Classic RFID card family. While starting out his IT-career in the Computer Games industry, he has worked in the Telecom field and is currently senior developer at a specialized firm producing custom embedded systems utilizing GSM/UMTS/GPS technologies. He is passionate about IT/App/Info security and has spoken at various security conferences. He usually doesn't have too much free time, but when he does he enjoys the Cyprus' shores and sea.
- Total Views
- Views on SlideShare
- Embed Views