2 min read

Patch your internet-connected printer! Serious vulnerabilities discovered

Graham CLULEY

August 13, 2019

Patch your internet-connected printer! Serious vulnerabilities discovered

When you think of IoT chances are that you may picture all manner of gadgets and gizmos: ranging from smart doorbells which let you vet your visitors, to light bulbs which can change their hue with a simple click of an app, to hair straighteners that let you remotely control their temperature.

But there is some technology which has been connected to networks for many years longer, that many users may so comfortably view as “part of the furniture” that it can be easily forgotten that they are also part of the Internet of Things. Such as printers.

Printers, just like any other IoT-enabled device, need to be secured, and updated with the latest firmware and patches to prevent a successful hacker attack.

That’s the message which comes through loud and clear following the announcement by security researchers at NCC Group that they had uncovered multiple security holes in printers manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera, and Brother.

The wide range of vulnerabilities could be exploited by malicious attackers to cause printers to crash, or – potentially more seriously – open backdoors to corporate networks, spy on print jobs, or even send sensitive printouts to unauthorised parties.

Specifically, NCC Group tested the HP Color LaserJet Pro MFP M281fdw, Ricoh SP C250DN, Xerox Phaser 3320, Brother HL-L8360CDW, Lexmark CX310DN, and the Kyocera Ecosys M5526cdw. But it’s possible similar vulnerabilities existed – or may even still exist – in other models.

Thankfully the researchers informed the printer manufacturers about the flaws, prompting them to produce security patches and firmware updates to secure the affected devices from further exploitation. But one has to wonder if the researchers had not investigated the flaws, whether they would have gone unnoticed by the good guys for years to come – and only perhaps uncovered by malicious hackers.

“Because printers have been around for so long, they’re not seen as enterprise IoT devices – but they’re embedded in corporate networks and therefore pose a significant risk,” Matt Lewis, research director at NCC Group, said in a press release announcing the findings. “Building security into the development lifecycle would mitigate most if not all of these vulnerabilities. It’s very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware.”

The affected manufacturers have posted advisories about the vulnerabilities alongside links to their respective patches:

It’s not a new or trendy piece of advice but it’s as important now as it always was: keep your systems updated to protect against security vulnerabilities.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Google Prepares to Reset App Permissions on Billions of Devices Google Prepares to Reset App Permissions on Billions of Devices
Silviu STAHIE

September 20, 2021

1 min read
Sideloading Android Apps - Bane or Blessing for Android Users Sideloading Android Apps - Bane or Blessing for Android Users
Silviu STAHIE

September 20, 2021

2 min read
FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches
Silviu STAHIE

September 17, 2021

1 min read