He is a computer science graduate of the politehnica university of bucharest where he did his thesis work in biometrics and image processing, and obtained his phd in france at eurecom institute. Currently he is a phd candidate with eurecom in field of. While starting out his itcareer in the computer games industry, he has worked in the telecom field and also was a senior developer at a specialized firm programming various gsmumtsgps sub. Pscript minidrivers windows drivers microsoft docs. Um, youve been hacked, focused on an adobe postscript vulnerability in. Biography andrei is a computer science graduate of the politehnica. Impressum andrei costin author of mfcuk mifare classic universal toolkit daytime programmer after8pm type of hobbyist hacker not part of printing industry though generally interested in. This time we demonstrate that postscript language, given its power, elegance and turingcompleteness, can be used more than just for drawing dots, lines and circles and to a certain extent it. Andrei is a computer science graduate of the politehnica university of bucharest where he did his thesis work in biometrics and image processing.
Born and grownup in moldova, andrei is a computer science graduate of the. Andrei costin is a phd graduate from eurecom where he successfully defended his thesis on large scale security analysis of embedded devices firmware. While starting out his itcareer in the computer games. Balzarotti, a largescale analysis of the security of embedded firmwares, in proceedings of the 23rd usenix conference on security to appear 2 a. Ps printer driver transforms it to ps stream for specific device ps data stream on prn. Andrei costin author, mifare classic universal toolkit presentation title. To obtain the updated firmware, go to the hp software and drivers page for your product and find the firmware. While starting out his itcareer in the computer games industry, he has worked in the telecom field and also was a senior developer at a specialized firm programming various gsmumtsgps. Hp universal print driver for windows postscript youtube. Biography andrei is a computer science graduate of the politechnic university of bucharest where he did his thesis work in biometrics and image processing. Most of the xerox printers and multifunction printers can use either the postscript or pcl driver. The meat of the talk concerned executing remote code on an mfp using crafted postscript. While starting out his itcareer in the computer games industry, he has worked in the telecom field and also was a senior developer at a specialized firm programming various gsmumtsgps subsystems.
User writes the doc and hits print ps printer driver transforms it to ps stream for specific device ps. Biography andrei costin is an assistant professor at university of jyvaskyla in finland jyu. Firmware unpacking and analysis as a service, in proceedings of the acm conference on security and. This cited by count includes citations to the following articles in scholar. Is connected to networkscommunications lines have smartcards contact and contactless have crypto involved somewhere down the line is or should be secure.
Is connected to networkscommunications lines have smartcards contact and contactless. Andrei costin andrei is a computer science graduate of the politehnica university of bucharest where he did his thesis work in biometrics and image processing. Lately he was spotted securityharassing airplanes with adsb hacks, though no planes were harmed during the experiments. Download the installer for the adobe postscript printer driver. In andrei costin s presentation hacking mfps, he covered the history of printer and copier hacks from the 1960s to today. Andrei costin is a phd graduate from eurecom where he successfully. Costin s presentation, hacking mfps, part 2 postscript. Re is a free online service that unpacks, scans and analyzes almost any firmware package and facilitates the quick detection of vulnerabilities, backdoors and all kinds of embedded malware. The pscript driver for microsoft windows 2000 and later supports. This means that the postscript language creates all of the print data and does not rely on the printer for print data. Firmware modification attacks and the rise of printer malware. Just printing a particular document can get code to run on the machine. This could occur with a specifically crafted postscript or firmware job submitted to the device.
A costin, j isacenkova, m balduzzi, a francillon, d balzarotti. Andrei costin is a computer science graduate of the polytechnic university of bucharest where he did his thesis work in biometrics and image processing. Rfid, gsm, biometrics, embedded almost everything which. You might find this post informative and helpful in deciding which driver is best for you and your business. This article is taken straight from a case in our online support. U receiving less press than the lecture on the hp vulnerability, andrei costin2 presented his research on printer exploitation one day previous to the presentation dealing with the hp vulnerability. Ps printer driver transforms it to ps stream for specific device.
Embedded devices security and firmware reverse engineering. A largescale analysis of the security of embedded firmwares. He is also a computer science graduate of the politehnica university of bucharest where he did his thesis work in biometrics and image processing. The differences between the postscript and pcl drivers. Andrei costin is an assistant professor at university of jyvaskyla in finland jyu.
They contain confidential documents, they remain unpatched, they are sometimes facing the internet or are available on the network. Impressum andrei costin author of mfcuk mifare classic universal toolkit generally interested in. In proceedings of the 5th european conference on computer systems, pages 167180. Is connected to networkscommunications lines have smartcards contact and contactless have crypto involved somewhere down the line is or should be secure corporate. Install a printer that uses a postscript printer driver. He is passionate about security in a holistic fashion. Postscript 3 and newer includes many enhancements to older versions of postscript, including improved image quality and color. Replace ps drivers with pcl ones well disable language operator authorization look for security bulletins and patch sandbox printers in your network include mfps in security audit lifecycle users do not print from untrusted sources be suspicious on postscript files vendors create realistic mfp threat models. We have decided to continue our research onto postscript realms an old, very powerful and nicely designed programming language, where as a coincidence or not, given its numerous security flaws adobe owns most postscript. After a coffee break, andrei costin talked about the danger of postscript files. Re is a free online service that facilitates firmware mounting, modification, loading and emulation. Xerox security bulletin xrx12003 address postscript and dlm vulnerabilities v1.
335 490 66 194 1267 1373 1352 1023 119 1218 124 48 1418 1062 303 1107 292 921 901 989 708 1121 708 1163 1268 182 95 968 937 669 1036