Brendan O'Connor: Vulnerabilities in Not-So Embedded Systems
Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
English - June 04, 2006 23:10 - 1 hour - 134 KB Video - ★★★★ - 4 ratingsTechnology News Tech News blackhat usa 2006 black hat vegas blackhat vegas hacking convention computer security speeches presentations spoken word video Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Printers, scanners, and copiers still have a reputation of being embedded systems or appliances; dumb machines that perform a specific, repetitive function. Today's devices are far different than their predecessors, but still do not receive the same level of security scrutiny as servers, workstations, routers, or even switches. The goal of this talk is to change the way we look at these devices, and leave the audience with a better awareness of the security implications of having these devices in their environments. Although the concepts in this talk can apply to many different devices, the primary focus will be on vulnerabilities, exploitation, and defense of the new Xerox WorkCentre product line. Previously undisclosed vulnerabilities will be released, along with exploit code that turns a dumb printer, copier, or scanner into a network attack drone. Steps administrators can take to harden these devices will also be covered.
Brendan O'Connor is a security engineer from the Midwest. He worked in security for a communications company for four years before switching to the financial sector in 2004. Brendan currently works in Information Security for a major financial services company, where his duties include vulnerability research, security architecture, and application security. He has several multi-letter acronyms after his name, drinks too much coffee, and plays an unhealthy amount of Warcraft."