Tag: Plays | SpinSafe

Why printing security plays a vital part in keeping Aotearoa safe

August 11, 2022/in Mobile Security

While Kiwis continue to follow the world when it comes to working online, there’s still one manual business need that is often still crucial to a successful enterprise. Whether you’re an educational institute, a law or accounting firm or even a government agency, printed documents often play a vital role in working operations.

Much has changed since the simpler days of plug-in, pressed and mechanical printing. Printers and print mechanisms are now heavily integrated, with cloud technologies and the internet being significant parts of the process. What could be done via dial-up 12 years ago can now be completed within seconds by clicking a button.

While internet printing, mobile printing and other similar technologies have no doubt made things easier to manage, it has also brought a whole new set of problems to the table. As with all cloud, mobile and internet-based technologies, cybersecurity can be a significant challenge to address, and because of the complexities involved in the printing process it can become even more disruptive.

And history has proven that there are ongoing issues. In 2017, Y Soft conducted a survey which found that while 35% of New Zealand workers were using a mobile device at work for printing, only 50% had adequate security protection or antivirus installed on their mobile devices. A global report from Quocirca in 2016 also found that 61% of respondents had experienced at least one print-related data breach during this period.

The subsequent 2020 report reflected that 83% of IT decision-makers were very concerned about home printing security, proving that there was still a significant concern in both the workplace and at home. The rise in hybrid work situations has also meant that, in a similar fashion to general cybersecurity, printing security has become more complex and involves more risk.

Part of this risk comes from things like inadequate firewall protection, lack of WiFi security and additional problems with file sharing and data protection. Transferring data in any sense can be dangerous, and often printing devices (mobile and computer) and printers themselves don’t have the correct security. As the data reflects, often Kiwis are…

Source…

Printer plays AC/DC, Samsung Galaxy S21 hacked twice

November 5, 2021/in Mobile Security

Pwn2Own: Printer plays AC/DC, Samsung Galaxy S21 hacked twice

Trend Micro’s ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC’s Thunderstruck on the contest’s third day.

Contestants earned $70,000 during the fourth day, $238,750 on the third day, $415,000 on the second, and $362,500 during the first day.

The Synacktiv team won the contest after getting $197,000 in cash for their zero-days and 20 Master of Pwn points, with a six-point lead over the DEVCORE team, which finished with 14 points and earned a total of $140,000.

Over the four days of competition, the contestants compromised printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR after exploiting 61 previously unknown security flaws known as zero-day vulnerabilities.

The full Pwn2Own Austin 2021 schedule and the results following each challenge are available here.

*Pwn2Own Austin 2021 final leaderboard (ZDI)*

Sam Thomas (@_s_n_t) from team Pentest Limited (@pentestltd) was the one who compromised the Samsung Galaxy S21 running the latest Android 11 security updates on the third day using a unique three-bug chain and earning $50,000.

The Samsung Galaxy S21 escaped a hacking attempt on the first day after F-Secure Labs’ Ken Gannon didn’t get his zero-day exploit to work within the allotted time.

Mr L and Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STARLabs were able to get code execution on the Samsung Galaxy S21 on the second day of Pwn2Own.

However, despite their success and winning $25,000, their attempt was tagged as a “collision” after it was revealed that they used a bug known to the vendor.

The third day of Pwn2Own also saw the F-Secure Labs team turning an HP LaserJet printer into a jukebox using a stack-based buffer overflow to play AC/DC’s Thunderstruck.

(Sound On) Confirmed! The team from @FSecureLabs used a stack-based buffer overflow to take over an HP LaserJet and turn it into a jukebox. Their efforts earn them $20,000 and 2 Master of Pwn points. #Pwn2Own https://t.co/3kqn5Cr7Y4

— Zero Day Initiative (@thezdi) November 4, 2021