Veranstaltung
14:45
-
15:25
Tag 3
Dialing into the Past: RCE via the Fax Machine – Because Why Not?
aufgezeichnet
Security
Remember the days when faxes were the pinnacle of office tech, and the sound of a paper getting pulled in was as satisfying as a fresh cup of coffee? Well, it's time to dust off those memories and reintroduce ourselves to the quirky world of printers and their forgotten fax interfaces – yes, those relics that make us all feel like we're in an '80ies sci-fi movie – and specifically, how they can unlock a new frontier in printer security exploits!

In this talk, we'll show you how we leveraged a printer bug that we found at Pwn2Own Ireland this year to gain remote code execution. Over its fax interface. You might think, "Who cares about faxes?" – but what if I told you that lurking within this vintage feature is a potential pathway for remote code execution? That's right, while everyone else is busy patching the latest vulnerabilities in trendy software and half the world is obsessed with cloud security, we'll be having a blast with tech that should've been retired to the attic long ago, exploiting a feature that's older than some of the attendees!

We'll explore how this vintage tech can be the gateway to some serious mischief. Think of the possibilities: municipalities, banks, courts, you pick your favorite bureaucracy. Unfortunately, we can't do any of those things -- that'd be naughty -- so we're restricted to doing the stupidest things we can think of in our live demos. In case you're wondering: of course we'll be running doom on this thing, proving that even the most outdated tech can still pack a punch, as we take control over this device in style. Expect a mix of technical insights and many moments of "why would you do that?".

So join us in this wild ride through simpler times -- who knew the key to world domination lays in a dusty fax machine?