In the Middle of Printers: (In)security of Pull Printing Solutions
Author: Jakub Kałużny
Big corporations and financial institutions need secure pull printing services which guarantee a proper encryption, data access control and accountability. This research aimed to perform a MITM attack on multifunction printers with embedded software from the most popular vendors. The results are staggering - similar vulnerabilities have been found in multiple solutions which are exposed to breaking the encryption, collecting any prints from the server and printing at others' expense.
Jakub Kaluzny has more than 7 years experience in web programming focused on security - PHP, pgSQL, MySQL, bash scripting, and 3 years experience in software security lifecycle and penetration testing. He was introduced in the Google Security Hall Of Fame in 2013. He was a speaker at OWASP Poland Local Chapter - "Advanced data mining" - focusing on security aspects of data crawlers in 2011. In 2008 presented his report "Ciphers and encrypted file systems" at Open-source security conference, Warsaw. Jakub Kaluzny was Main Programmer and Security Officer at Homepay.pl in 2010 - 2012 (developing financial intermediary platform, security hardening). Now he is an IT security specialist at SecuRing (penetration tests, vulnerability assessment and threat modelling of web applications and network environment). He is intended to receive a bachelor’s degree in Engineering in Applied Computer Science at AGH University Of Science And Technology, Cracow.