
...and the worm can be inside a PDF. So what, we can only print plain-text now? Does my virus scanner look for firmware worms in pdf files?


I didn't get that from the article. How's a PDF file supposed to trigger the (vulnerable) firmware update mechanism of the printer?


Right, it only says

  "if you can reverse engineer one of HP’s firmware updates so that you can make your own, and then insert it into a print job"
Not clear if a PDF can achieve that.


I think I know how this is done, I use it to hack my cartridge life all the time. Slightly off topic but bear with it...

When the HP driver software compiles the file code to send to the printer it also encodes other information. I discovered this because I found out that the system date of the PC gets encoded along with the print data. More shockingly, prior to encoding the file, the printer checks the "best before date" of each cartridge and compares it to the system date. If your cartridge is beyond the date HP would like you to use it by, it introduces artifacts into the print and then issues a "beware your printer could malfunction with out of date cartridges" message.

Simple workaround: change your system date to some time in the past before your cartridge expiry date, and hey presto your HP printer starts to work again. Change it back to the present and all of a sudden the artifacts and message appear.

If HP can mess with your PDF pre-print, then so can someone else. Personally, I love my HP printer. I just hate what HP do to try to force you to buy more ink. When have non-perishable goods ever required a "use by" date?


"Every time a vulnerable LaserJet printer accepts a print job, it scans that job to see if it includes a firmware update."

"but what if an employee at a company is spear-phished with a hacked-firmware-laden PDF or DOC?"

I guess the OP thinks it is possible? I wouldn't know.


Not sure about manipulating firmware, but many printers can handle PDF directly (no need to convert to PS/PCL).


Coincidentally, I was updating HP LaserJet firmware last week and when the update tool was running, I was surprised to see it sent the firmware as a 'normal' job to the printer. My guess is this is how the exploit works -- simply disassemble existing firmware and make sure your malicious job looks like said update.
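The comments above describe firmware travelling to the printer as an ordinary job. As an added example (not written by any commenter or by HP), this is a default-deny check a print gateway could run on the PJL header of each job before forwarding it. The allowlists, the `audit_job` name and the `EXAMPLECMD`/`EXAMPLELANG` placeholders are assumptions made up for the illustration, not real HP commands.

```python
import re

UEL = b"\x1b%-12345X"  # PJL Universal Exit Language marker that frames a job
# Assumption: the only PJL commands and languages this site's drivers emit.
ALLOWED_COMMANDS = {"JOB", "EOJ", "SET", "COMMENT", "ENTER"}
ALLOWED_LANGUAGES = {"PCL", "PCLXL", "POSTSCRIPT", "PDF"}
PJL_LINE = re.compile(rb"@PJL[ \t]*([A-Za-z]*)[ \t]*(.*)")

def audit_job(job: bytes) -> list[str]:
    """Return findings for PJL header lines that fall outside the allowlists."""
    findings = []
    for segment in job.split(UEL):
        # Header lines run until ENTER LANGUAGE; bytes after that are page
        # data and are deliberately not parsed as PJL.
        while segment.startswith(b"@PJL"):
            line, _, segment = segment.partition(b"\n")
            m = PJL_LINE.match(line.rstrip(b"\r"))
            command = m.group(1).decode("ascii").upper()
            args = m.group(2).decode("ascii", "replace").strip()
            if not command:
                continue  # a bare "@PJL" line does nothing
            if command not in ALLOWED_COMMANDS:
                findings.append(f"command not allowed: {command} {args}".strip())
            elif command == "ENTER":
                lang = re.fullmatch(r"LANGUAGE\s*=\s*(\S+)", args, re.I)
                name = lang.group(1).upper() if lang else args
                if name not in ALLOWED_LANGUAGES:
                    findings.append(f"language not allowed: {name}")
                break  # the rest of this segment is payload
    return findings

# Constructed sample jobs; EXAMPLECMD and EXAMPLELANG are placeholders.
ORDINARY_JOB = (UEL + b'@PJL JOB NAME="report"\r\n@PJL SET COPIES=1\r\n'
                b"@PJL ENTER LANGUAGE=PDF\r\n%PDF-1.4 constructed\n"
                + UEL + b"@PJL EOJ\r\n" + UEL)
FLAGGED_JOB = (UEL + b"@PJL JOB\r\n@PJL EXAMPLECMD SIZE=1024\r\n"
               b"@PJL ENTER LANGUAGE=EXAMPLELANG\r\n\x00\x01constructed" + UEL)

if __name__ == "__main__":
    for label, job in (("ordinary", ORDINARY_JOB), ("flagged", FLAGGED_JOB)):
        print(label, audit_job(job) or "clean")
```

A check like this only sees what the job declares in its PJL header; it does not inspect the document payload itself.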


I know I commented earlier, but I slept on it last night and I realised I'd already hacked printers in this way and got paid to do it - I'd just completely forgotten.

Years ago, I was working for a well-known lighting manufacturer and CD inventor, you know who I mean... they had a SAP system that did not have a printer driver for the thermal printers they were using on all their products. I'd been using a bizarre pseudo mark-up language called SAPscript on a couple of projects and discovered quite by accident ;) that you could encode printer commands directly into the SAPscript. Exactly the same principle, I guess, as including PHP code in HTML. At some point the machine knows to parse the code, not print it. I could get it to do some mad printed stuff as long as you could control the variables that you passed to the script. I never tried the burn baby burn effect though. I was too nice.



