SecurityWeek

0wning Office Printers

In a talk at last year’s EuroSecWest conference, researcher Andrei Costin presented several vulnerabilities he found within commercial printers. Most recently, attacks against printers were mentioned by Alexey Polyakov, Head of the Global Emergency Response Team of Kaspersky Labs, in a talk last month at the Security Analysts Summit in Malaga, Spain.

Many printers today (and within this definition I’m including multifunction printers that include faxing and scanning) are in fact embedded systems. Most are running some flavor of (RT)OS, such as VxWorks, LynxOS, Nucleus, or Linux. This gives the device a platform so that applications can be loaded to handle the various multifunction features, like color scanning. It also creates a homogeneous environment so that if there’s a flaw in LynxOS, there’s an opening for a printer attack. No more security by obscurity.

Additionally, some printers use an embedded Java VM such as ChaiServer. Others have embedded Web servers such as VirataEmWeb. Either way, they have the ability to serve documents remotely, which means someone halfway around the world could be snooping through your document cache. Again, if there’s a flaw in the Java VM, there’s now an opportunity for a remote attack.

Even if someone doesn’t have remote access, most modern multifunction printers include hard drives. High capacity hard drives are capable of storing sensitive data, such as legal documents or proprietary information. The hard drives make it possible for large print jobs to be handled quickly, without someone feeding the documents. But what happens when the printer is serviced, the hard drive replaced, and all those sensitive documents walk out the door?

Costin noted that commercial printers have been networked for more than 15 years, yet they are constantly out of computer security’s watchful eye. He cites in his presentation brand names from Xerox (with more than 40 reported vulnerabilities) to Brother (with only 1). And this, he says, represents too few vulnerabilities for such a mature industry. In other words, why aren’t we seeing more and more vulnerabilities disclosed (and patched) specific to printing?

The dangers are real, say both Costin and Polyakov. Remote attackers could, for example, wage a denial of service attack by re-writing the firmware. More ominously, Costin speculated in his talk about “ransomware,” where cybercriminals “lock up” the data on a printer in exchange for money, and espionage, where competitors steal proprietary information remotely.

An extreme example would be where malware disables the temperature sensors within the printer, then jams the paper while it’s in the fuser, causing a fire. Having various printers erupt in flames would probably incite terror in any office.

To guard against these scenarios, Costin recommends that System Administrators:

• Develop and follow secure periodic practices and checklists for all your MFPs/printers

• Use and analyze extensive logging using MFPs management platforms

• Properly isolate MFPs on appropriate network segments

• Implement stricter domain-level printing policies
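
As an added illustration (not from Costin’s talk or from this column), the logging and isolation recommendations can be combined into a check that runs over flow records. The addresses, the one-record-per-line format and the policy itself (only print servers and one admin host may reach printers, and printers initiate nothing) are assumptions made for the example.

```python
import ipaddress

# Assumed addressing plan and policy (constructed for this example).
PRINTER_NET = ipaddress.ip_network("10.20.30.0/24")
PRINT_SERVERS = {ipaddress.ip_address("10.20.1.10"), ipaddress.ip_address("10.20.1.11")}
ADMIN_HOSTS = {ipaddress.ip_address("10.20.1.50")}
PRINT_PORTS = {515, 631, 9100}   # LPD, IPP, raw printing
ADMIN_PORTS = {80, 443}          # the device's embedded web server

# Constructed flow records, one per line: "src dst dst_port"
SAMPLE_FLOWS = """\
10.20.1.10 10.20.30.15 9100
10.20.1.50 10.20.30.15 443
10.20.7.88 10.20.30.15 80
203.0.113.9 10.20.30.22 9100
10.20.30.22 198.51.100.7 443
10.20.30.15 10.20.30.22 631
"""

def audit_flows(text):
    """Return (line_no, reason) for every flow that breaks the isolation policy."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except (IndexError, ValueError):
            findings.append((n, "unparseable record"))  # never skip silently
            continue
        if src in PRINTER_NET:
            # Assumed policy: a printer never opens connections itself.
            # Allow-list scan-to-email or NTP here if the site uses them.
            if dst in PRINTER_NET:
                findings.append((n, "printer-to-printer traffic"))
            else:
                findings.append((n, "printer initiated outbound connection"))
        elif dst in PRINTER_NET:
            if src in PRINT_SERVERS and port in PRINT_PORTS:
                continue                                 # normal print job
            if src in ADMIN_HOSTS and port in ADMIN_PORTS:
                continue                                 # managed administration
            if port in ADMIN_PORTS:
                findings.append((n, "web admin reached from unauthorized host"))
            else:
                findings.append((n, "unauthorized source reached printer"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_flows(SAMPLE_FLOWS):
        print(f"line {line_no}: {reason}")
```
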

Long term, Costin recommended that printer vendors clean up their code. Simply patching known vulnerabilities would be a step in the right direction. Better yet, the printer vendors should adopt a Secure Software Development Lifecycle to ensure that the code is trustworthy.

He further invited the security community to help by creating honeypots specifically to collect data about the types of printer malware in the wild. He also reminded his audience that multifunction printers are more “than ‘dummy printers’ – are full-blown machines with great power.” But there’s something else here as well: if we’re overlooking the threats posed by printers, what other network devices are we overlooking as well?

In my next column I’ll talk about new ways to hack mice and keyboards.
