Cracking Kyocera Printers

Date

August 26, 2022

Time

11:30

Track

CommSec Track

Printers are among the most common devices in daily life. Their unique network location and functions mean that they are often used to process many confidential documents, making them attractive targets for APT groups. Once a printer is hacked, the attacker can not only enter the office network but also obtain and tamper with confidential documents.

We took a deep dive into Kyocera printers, one of the major printer brands, with annual sales of nearly a million units around the world. Through research on several printers of this brand, we found multiple high-risk vulnerabilities that can lead to remote DoS, arbitrary file reading, password leakage, and, in severe cases, pre-auth RCE; these vulnerabilities affect almost all Kyocera devices. At the same time, because printers have a long service life, a large number of older devices are still in use at home or in companies. We found that such devices also have a serious pre-auth RCE vulnerability that cannot be repaired, creating a significant risk.

We will demonstrate these vulnerabilities, which can yield pre-auth RCE and let us slip into the office network, and show how to monitor all files using the printer's native functions.

Speakers

Team Leader

TianGong Lab at QiAnXin Technology Research Institute

Yue Liu is a security researcher at QiAnXin Technology Research Institute and the team leader of QiAnXin TianGong Lab. He and his team have published their work at top academic security conferences, including Usenix 2021, EuroS&P 2022, and ACM CCS 2022.

Security Researcher

Undisclosed Co

Mainly focused on the security of embedded devices, and has found multiple vulnerabilities in routers, cameras, drones, firewalls, printers and other devices.

Security Researcher

CLP-Team

He focuses on IoT and Android security research, cracked a variety of smart devices in Tianfu Cup, was awarded the Hall of Fame in GeekPwn 2020 & 2021, and has published his work at ACM CCS 2022.
