The forgotten security risk

Researchers warn that networked multifunction printers can be a prime entry point for hackers

By Ryan Naraine

That networked multifunction printer sitting innocently in the corner of your office just might be the most significant entry point for hackers to hijack sensitive data from your business.

Combining several functions in a single unit—including fax, copy, print and scan—these devices are a forgotten risk in every enterprise, security researchers warn.

“A compromised [multifunction printer] is dangerous for a number of reasons. First and foremost, no one in the enterprise pays attention to them. That lack of visibility makes for a very attractive attack platform,” said Brendan O’Connor, a researcher who was among the first to call attention to the printer security risk during a Black Hat talk in 2006.

“When I was doing my research, I had dozens and dozens of MFDs [multifunction devices] under my control, and no one in IT knew what I was doing. The idea of an attacker having equipment completely under their control on a company’s internal network is a frightening proposition,” O’Connor said in an interview with eWeek.

The networked printers, scanners and copiers, he said, are no longer dumb machines sitting in a corner performing mundane tasks. In his mind, IT administrators should start paying serious attention to vulnerabilities and weaknesses in printers—and start preparing patch- and risk-management strategies.

O’Connor, who works in information security for a major financial services company, said printers should be treated the same as every other asset because, for businesses that depend on a paper trail, something as simple as a DoS (denial of service) attack can be debilitating.

During his Black Hat presentation in 2006, O’Connor picked apart the security model of a Xerox WorkCentre multifunction printer, showing how the device operated more like a low-end server or workstation than a copier or printer. In fact, the device used an Advanced Micro Devices processor, 256MB of SDRAM (synchronous dynamic RAM) and an 80GB hard drive and ran Linux, Apache and PostgreSQL.

He showed how the authentication on the device’s Web interface can be easily bypassed to launch commands to completely hijack a new Xerox WorkCentre machine.

A Xerox spokesperson confirmed that the vulnerability discussed by O’Connor has since been patched.

“All the information that’s being printed, scanned and faxed is susceptible to theft,” O’Connor said. “Once under an attacker’s control, it is simple to covertly save copies of other people’s data on the machine’s hard drive. With built-in network, fax/modem and network

[CONTINUED ON PAGE 34]

Send attack to printer

Here are a few attack scenarios that can play out on multifunction printers:

DoS: Specialized malware can be programmed to crash printers and scanners, disrupting paper-based business operations.

Code execution: Hackers can exploit vulnerabilities to load a rootkit into printers, hijacking all documents passing across the network.

Document spying: With built-in network, fax/modem and network capabilities, there are a variety of ways to smuggle the stolen information out of an organization once it’s been captured.

Credentials theft: If users need to enter a password for certain operations, such as scanning to e-mail or network folders and shares, an attacker can capture user names and passwords to gain further access to network resources.

Source: eWEEK reporting