Many Popular Printers Provide Easy Attack Surfaces

Printers seem to be simple devices that we use to convert information into a physical form, usually text on paper. But all printers are really small special-purpose computers. They have processors, RAM, and storage in the form of solid-state chips or entire hard drives. The operating system is often some form of Linux. They can usually be accessed and configured over the network using a small on-board web application. Printers communicate across the entire LAN, and if compromised can provide a platform to pivot to other computers and servers. Many have remote-print-from-the-web capabilities. This feature provides remote access interfaces that can be exploited by cyber-attackers.

Cybersecurity practitioners who perform automated vulnerability assessments across a network full of computers and other devices often avoid scanning printers for vulnerabilities. This is because printers often respond to these sorts of aggressive scanning tools by malfunctioning, printing a single character on each sheet of a full tray of paper, or reacting in other undesirable ways. An outcome of this practice is that vulnerabilities in printers are never found.

Researchers at the NCC Group recently reported on printer security and found vulnerabilities in printer models from Ricoh, Lexmark, Xerox, Brother, and Kyocera.

Some of the vulnerabilities found include:

  • No account lockout, which means that an attacker can brute-force the administrative password uninterrupted by failed-login lockouts.
  • Buffer overflows that allow remote code execution in the Internet Printing Protocol (IPP) and Line Printer Daemon (LPD) protocols.
  • Heap overflow vulnerability.
  • Cross-site scripting and cross-site request forgery attacks against the on-board web application.
  • Path traversal vulnerability that allows an attacker to navigate across the printer file structure.
  • Hard-coded FTP credentials that allow access to the contents of FTP folders.

All of these vendors have provided updates that close these vulnerabilities, but many organizations do not routinely run updates or firmware upgrades on their printer fleet.  If this sounds like your organization, you may want to update the printers now and put printer updates on a regular maintenance schedule.

Do not ignore printers when considering your network security.  Make sure you keep software and firmware up-to-date, and include them in your vulnerability scans.
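One way to put both recommendations on a schedule is a small fleet audit that flags printers running firmware older than the fixed release and printers missing from recent vulnerability scans. This is an added example, not code from the NCC Group report or from any vendor; the inventory format, hostnames, model names, version numbers and dates are all constructed placeholders.

```python
import csv
import io
from datetime import date

# Constructed placeholders: these are NOT real model names or vendor firmware releases.
MIN_FIXED = {("Lexmark", "MODEL-A"): "2.10.0",
             ("Brother", "MODEL-B"): "1.9",
             ("Ricoh", "MODEL-C"): "3.0.1"}

# Constructed inventory export (assumed format); an empty last_scanned means never scanned.
INVENTORY_CSV = """hostname,vendor,model,firmware,last_scanned
prn-floor1,Lexmark,MODEL-A,2.9.4,2024-07-01
prn-floor2,Brother,MODEL-B,1.10,
prn-lobby,Ricoh,MODEL-C,3.0.1,2024-08-20
prn-hr,Xerox,MODEL-D,5.2,2024-08-25
"""

def parse_version(text):
    """Turn '2.10.0' into (2, 10, 0) so 2.10 sorts after 2.9; a string compare gets this wrong."""
    return tuple(int(part) for part in text.strip().split("."))

def is_older(installed, minimum):
    """True if the installed version is lower than the minimum fixed version."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    # Pad with zeros so '2.10' and '2.10.0' compare as equal.
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(inventory_csv, min_fixed, today, max_scan_age_days=30):
    """Return {hostname: [issues]} for printers that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        minimum = min_fixed.get((row["vendor"], row["model"]))
        if minimum is None:
            issues.append("no-baseline")        # no fixed version recorded for this model
        elif is_older(row["firmware"], minimum):
            issues.append("firmware-outdated")
        if not row["last_scanned"]:
            issues.append("never-scanned")      # printer was left out of vulnerability scans
        elif (today - date.fromisoformat(row["last_scanned"])).days > max_scan_age_days:
            issues.append("scan-stale")
        if issues:
            findings[row["hostname"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit(INVENTORY_CSV, MIN_FIXED, date(2024, 9, 1)).items():
        print(host, ", ".join(issues))
```

The `no-baseline` result matters as much as `firmware-outdated`: a model with no recorded fixed version is one nobody has checked against the vendor's advisories.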


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com