Researchers uncover over 35 vulnerabilities in six leading enterprise printers

NCC Group researchers have uncovered significant vulnerabilities in six commonly used enterprise printers, highlighting the vast attack surface that can be presented by internet-connected printers.

vulnerabilities enterprise printers

The research

Daniel Romero, managing security consultant and research lead, and Mario Rivas, security consultant at NCC Group, tested multiple aspects of six mid-range enterprise printers, including web application and web services and firmware and update capability, as well as carrying out hardware analysis.

Testing of the printers, manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera and Brother, uncovered a wide range of vulnerability types using basic tools, some of which date back thirty or forty years. Some vulnerabilities were also uncovered within minutes of starting the research.

The issues varied in severity. The potential impact of exploiting them ranged from denial of service attacks that could lead to the crash of printers, the addition of backdoors within compromised printers to maintain attacker persistence on a corporate network, through to snooping on every print job sent to vulnerable printers and the ability to forward them to an external internet-based attacker.

The tested printers are:

Fixing the flaws and minimizing the risk of attacks

All of the vulnerabilities discovered during this research have either now been patched or are in the process of being patched by the manufacturers. It is recommended that system administrators now update any affected printers to the latest firmware available, and monitor for any further updates.

“Because printers have been around for decades, they’re not typically regarded as enterprise IoT, yet they are embedded devices that connect to sensitive corporate networks, and therefore demonstrate the potential risks and security vulnerability posed by enterprise IoT,” Matt Lewis, research director at NCC Group, noted.

“Building security into the development lifecycle would mitigate most, if not all, of these vulnerabilities – it’s therefore important that manufacturers continue to invest in and improve cyber security, including secure development training and carrying out thorough security assessments of all devices. Corporate IT teams can also make small changes to safeguard their organisation from IoT-related vulnerabilities, such as changing default settings, developing and enforcing secure printer configuration guides and regularly updating firmware.”

Don't miss