Serious security flaws discovered in six widely used enterprise printers
Some of the security flaws date back 30-40 years - but probably didn't matter in pre-internet days
NCC Group researchers have discovered at least 35 vulnerabilities in six popular enterprise printer models manufactured by HP, Xerox, Ricoh, Brother, Lexmark, and Kyocera.
The researchers tested multiple features - including web services, web application, update capability and firmware - of six mid-range enterprise printers and discovered a wide range of vulnerabilities, highlighting the attack surface that internet-connected printers expose.
Some of the vulnerabilities were found to date back 30 to 40 years.
The printers tested by the team are:
- HP Color LaserJet Pro MFP M281fdw
- Xerox Phaser 3320
- Ricoh SP C250DN
- Lexmark CX310DN
- Brother HL-L8360CDW
- Kyocera Ecosys M5526cdw
The bugs unearthed in the printers vary in severity, the researchers said, but they could be used by attackers to spy on print jobs, carry out denial-of-service attacks to crash printers, or to implant backdoors to maintain a secret presence on the network.
A potential attacker could also exploit these flaws to forward print jobs to other internet-based attackers.
The HP Color LaserJet Pro MFP M281fdw printer suffered from multiple buffer overflow vulnerabilities in the Internet Printing Protocol service. According to the researchers, those vulnerabilities could allow attackers to initiate a denial-of-service attack and to execute arbitrary code on the machine.
The vulnerabilities found in the Lexmark printer included a Simple Network Management Protocol (SNMP) denial-of-service vulnerability; information disclosure vulnerabilities; multiple overflows in Lexmark Web Server; and no account-lockout implementation.
The makers of the affected printers have either patched or are in the process of patching all vulnerabilities discovered by the researchers.
Systems admins have been advised to update any affected printers in their organisation to the newest firmware available.
"The good news is that thanks to this research, the manufacturers in question were able to provide updates to close up the identified vulnerabilities and secure the affected devices against the exploits uncovered by the researchers," the researchers wrote in a blog post.
"However, these examples demonstrate just how careful manufacturers and the enterprises using their devices need to be when it comes to ensuring network-connected printers are up to scratch in terms of cyber security."
Security issues with internet-connected printers and other IoT devices are not uncommon.
In April, a survey by ForeScout claimed that 2.7 million firms in the UK are leaving their corporate networks vulnerable due to insecure IoT devices.
Earlier this month, researchers said that they had observed a hacking group linked to the Russian state targeting IoT devices in a bid to breach secure corporate networks.
In March, security experts from Unit 42, the threat intelligence group of Palo Alto Networks, discovered a new variant of the Mirai IoT malware, which was specifically targeting enterprise-focused devices.