0wning Office Printers

In a talk at last year’s EuroSecWest conference, researcher Andrei Costin presented several vulnerabilities he found within commercial printers. Most recently, attacks against printers were mentioned by Alexey Polyakov, Head of the Global Emergency Response Team of Kaspersky Labs, in a talk last month at the Security Analysts Summit in Malaga, Spain.

Many printers today (and within this definition I’m including multifunction printers that include faxing and scanning) are in fact embedded systems. Most are running some flavor of (RT)OS, such as VxWorks, LynxOS, Nucleus, or Linux. This gives the device a platform so that applications can be loaded to handle the various multifunction features, like color scanning. It also creates a homogeneous environment so that if there’s a flaw in LynxOS, there’s an opening for a printer attack. No more security by obscurity.

Additionally, some printers use an embedded Java VM such as ChaiServer. Others have embedded Web servers such as VirataEmWeb. Either way, they have the ability to serve documents remotely, which means someone halfway around the world could be snooping through your document cache. Again, if there’s a flaw in the Java VM, there’s now an opportunity for a remote attack.

Even if someone doesn’t have remote access, most modern multifunction printers include hard drives. High capacity hard drives are capable of storing sensitive data, such as legal documents or proprietary information. The hard drives make it possible for large print jobs to be handled quickly, without someone feeding the documents. But what happens when the printer is serviced, the hard drive replaced, and all those sensitive documents walk out the door?

Costin noted that commercial printers have been networked for more than 15 years, yet they are constantly out of computer security’s watchful eye. He cites in his presentation brand names from Xerox (with more than 40 reported vulnerabilities) to Brother (with only 1). And this, he says, represents too few vulnerabilities for such a mature industry. In other words, why aren’t we seeing more and more vulnerabilities disclosed (and patched) specific to printing?

The dangers are real, say both Costin and Polyakov. Remote attackers could, for example, wage a denial-of-service attack by rewriting the firmware. More ominously, Costin speculated in his talk about “ransomware,” where cybercriminals “lock up” the data on a printer in exchange for money, and espionage, where competitors steal proprietary information remotely.

An extreme example would be where malware disables the temperature sensors within the printer and then jams the paper while it’s in the fuser, causing a fire. Having various printers erupt in flames would probably incite terror in any office.

To guard against these scenarios, Costin recommends that System Administrators:

• Develop and follow secure periodic practices and checklists for all your MFPs/printers

• Use and analyze extensive logging using MFP management platforms

• Properly isolate MFPs on appropriate network segments

• Implement stricter domain-level printing policies

Long term, Costin recommended that printer vendors clean up their code. Simply patching known vulnerabilities would be a step in the right direction. Better yet, the printer vendors should adopt a Secure Software Development Lifecycle to ensure that the code is trustworthy.

He further invited the security community to help by creating honeypots specifically to collect data about the types of printer malware in the wild. He also reminded his audience that multifunction printers are more “than ‘dummy printers’ – are full-blown machines with great power.” But there’s something else here as well: if we’re overlooking the threats posed by printers, what other network devices are we overlooking as well?

In my next column I’ll talk about new ways to hack mice and keyboards.
