NCC Group researchers have uncovered significant vulnerabilities in six commonly used enterprise printers, highlighting the vast attack surface that can be presented by internet-connected printers.
Daniel Romero, managing security consultant and research lead, and Mario Rivas, security consultant at NCC Group, tested multiple aspects of six mid-range enterprise printers, including web application and web services and firmware and update capability, as well as carrying out hardware analysis.
Testing of the printers, manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera and Brother, uncovered a wide range of vulnerability types using basic tools, some of which date back thirty or forty years. Some vulnerabilities were also uncovered within minutes of starting the research.
The issues varied in severity. The potential impact of exploiting them ranged from denial of service attacks that could lead to the crash of printers, the addition of backdoors within compromised printers to maintain attacker persistence on a corporate network, through to snooping on every print job sent to vulnerable printers and the ability to forward them to an external internet-based attacker.
The tested printers are:
- HP Color LastJet Pro MFP M281fdw
- Ricoh SP C250DN
- Xerox Phaser 3320
- Brother HL-L8360CDW
- Lexmark CX310DN
- Kyocera Ecosys M5526cdw
Fixing the flaws and minimizing the risk of attacks
All of the vulnerabilities discovered during this research have either now been patched or are in the process of being patched by the manufacturers. It is recommended that system administrators now update any affected printers to the latest firmware available, and monitor for any further updates.
“Because printers have been around for decades, they’re not typically regarded as enterprise IoT, yet they are embedded devices that connect to sensitive corporate networks, and therefore demonstrate the potential risks and security vulnerability posed by enterprise IoT,” Matt Lewis, research director at NCC Group, noted.
“Building security into the development lifecycle would mitigate most, if not all, of these vulnerabilities – it’s therefore important that manufacturers continue to invest in and improve cyber security, including secure development training and carrying out thorough security assessments of all devices. Corporate IT teams can also make small changes to safeguard their organisation from IoT-related vulnerabilities, such as changing default settings, developing and enforcing secure printer configuration guides and regularly updating firmware.”