Many top printers have major security flaws
The vulnerabilities were uncovered after the team tested multiple aspects of six mid-range enterprise printers including web application and web services, firmware and update capabilities and hardware analysis.
The team tested printers from HP, Ricoh, Xerox, Lexmark, Kyocera and Brother using basic tools to reveal a wide range of vulnerabilities with some emerging almost instantly.
- Printer security a major worry in the education sector
- Sharp boosts printer security with new launches
- Your printer: it's a vulnerable, connected device
NCC Group will present its findings at several security conferences including DEF CON, Hack in the Box and 44Con later this year.
If the vulnerabilities were exploited by attackers, the potential impact could range from denial of service attacks that could cause the printers to crash, backdoors that would allow attackers to maintain a hidden presence on an enterprise network or even the ability to spy on every print job sent and to send print jobs through to unauthorized parties.
Thankfully though, all of the vulnerabilities discovered by NCC Group have either been patched or will be in the near future. However, the firm is advising all system administrators to update all vulnerable printers with the latest firmware and to monitor further updates.
Research director at the NCC Group, Matt Lewis provided additional insight on the researchers' findings, saying:
“Because printers have been around for so long, they’re not seen as enterprise IoT devices—but they’re embedded in corporate networks and therefore pose a significant risk. Building security into the development lifecycle would mitigate most if not all of these vulnerabilities. It’s very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware.”
- We've also highlighted the best printers of 2019