Jump to content

Recommended Posts

Small Office Home Office ( SOHO ) Printers, no.

However they can be affected by malware such as those that can spool large print jobs that deliberately waste ink and paper.

Those that that have Compact Flash or other memory card readers or those that have a USB port and support USB Mass Storage Devices may have malware stored on the media and may be accessible as shared data on the printer.  But in that sense any malware on the storage media will not infect the printer and the printer can't infect computers.  If you attach media that contains malware to a printer and attach to that printer's storage device as a NT Share or Server Message Block ( SMB ) Share it is possible that the client account that accesses the storage device sharing data can cause a client to be infected.  This would not  be automatic.  It would be a manual process such as the client account manually launching the malware housed on that media.

Enterprise printers often use internal hard disks to queue received print jobs.  These Enterprise level printers run much more sophisticated software such as an embedded version of Linux.  Therefore it is conceivable that that these kinds of printers can have some role in the spreading of malware.  But, I do not know of any such events.  In that case it is more of a theoretical possibility than a present day reality.

 

Edited by David H. Lipman
Edited for clarity, spelling and grammar
Link to post
Share on other sites

Link to post
Share on other sites

Thank you David for clarifying Pondus' post.  

Please forgive my ignorance while I try to understand the articles referenced in Pondus' post further- Will my computer download a print driver directly from the printer's memory, ( I noticed last time I connected a new pic to the printer, I didn't have to use a CD or go to a Cannon website to download a driver - it just worked), and do I need to worry about that driver having been infected with some kind of malware/spyware when the infected pic was connected?

Thank you.

Link to post
Share on other sites

There are a few HP printers that may do this.  However it is stored on the printer like firmware.  To update the drivers stored on the printer you have to update that firmware.  That software can then be downloaded to the computer and be installed.  The vast majority do not have that capability or facility.  Due to the limited scope of these printers, and the proprietary nature of HP's software, it isn't something that has been known to be compromised.

The majority use plain old Plug n' Play.  There are multiple types of Printer Drivers but most will fit in three categories;  Stock, Extended Stock and Vendor Supplied.

  • Stock - These are the Printer Drivers that are included with the MS Windows OS
  • Extended Stock - These are the Printer Drivers that are not included with the MS Windows OS but are in a Hardware Device Library at Microsoft and may be downloaded to extend the number of available stock OS Printer Drivers.
  • Vendor Supplied - As the name implies, you have to obtain these Printer Drivers form the manufacturer and/or vendor because they are not provided with the the Windows OS nor are they available at the MS Windows Printer Driver's Library supplied by Microsoft to extend the stock Printer Drivers.

So when you install a Printer, it will Plug n' Play the port that connects a printer to the OS ( Examples: USB, Parallel, Serial and Network ) and then the OS will attempt to install Printer Drivers by first looking at the MS Windows Stock Printer Drivers.  If it isn't available, depending on how the OS was setup and if its connected to the Internet, the OS will attempt to download the drivers via Windows Update device driver sub-service.  If it still isn't available you have to provide them by inserting a CDROM or by running some installation utility.

The article was about Signed Drivers and not using a Signed Driver can be exploited.  That is a Printer Driver that has been published with a Public Key certificate from the vendor and the reliance on the OS to either "trust" unsigned drivers or adhere to a Security Policy to only allow digitally signed drivers that can be verified through a Certificate Authority via the OCSP Protocol.  The article is showing that there is a vulnerability, that has existed in the Windows OS since Windows 95, where untrusted and unsigned drivers can be used to compromise the system.  Specifically because of the way the Windows OS "doesn't properly authenticate print drivers when installing them".

RE:  https://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/

Quote

Researchers with security firm Vectra Networks discovered that the Windows Print Spooler doesn't properly authenticate print drivers when installing them from remote locations. The failure makes it possible for attackers to use several different techniques that deliver maliciously modified drivers instead of the legitimate one provided by the printer maker.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.