2 min read

Patch your internet-connected printer! Serious vulnerabilities discovered

Graham CLULEY

August 13, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Patch your internet-connected printer! Serious vulnerabilities discovered

When you think of IoT chances are that you may picture all manner of gadgets and gizmos: ranging from smart doorbells which let you vet your visitors, to light bulbs which can change their hue with a simple click of an app, to hair straighteners that let you remotely control their temperature.

But there is some technology which has been connected to networks for many years longer, that many users may so comfortably view as “part of the furniture” that it can be easily forgotten that they are also part of the Internet of Things. Such as printers.

Printers, just like any other IoT-enabled device, need to be secured, and updated with the latest firmware and patches to prevent a successful hacker attack.

That’s the message which comes through loud and clear following the announcement by security researchers at NCC Group that they had uncovered multiple security holes in printers manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera, and Brother.

The wide range of vulnerabilities could be exploited by malicious attackers to cause printers to crash, or – potentially more seriously – open backdoors to corporate networks, spy on print jobs, or even send sensitive printouts to unauthorised parties.

Specifically, NCC Group tested the HP Color LaserJet Pro MFP M281fdw, Ricoh SP C250DN, Xerox Phaser 3320, Brother HL-L8360CDW, Lexmark CX310DN, and the Kyocera Ecosys M5526cdw. But it’s possible similar vulnerabilities existed – or may even still exist – in other models.

Thankfully the researchers informed the printer manufacturers about the flaws, prompting them to produce security patches and firmware updates to secure the affected devices from further exploitation. But one has to wonder if the researchers had not investigated the flaws, whether they would have gone unnoticed by the good guys for years to come – and only perhaps uncovered by malicious hackers.

“Because printers have been around for so long, they’re not seen as enterprise IoT devices – but they’re embedded in corporate networks and therefore pose a significant risk,” Matt Lewis, research director at NCC Group, said in a press release announcing the findings. “Building security into the development lifecycle would mitigate most if not all of these vulnerabilities. It’s very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware.”

The affected manufacturers have posted advisories about the vulnerabilities alongside links to their respective patches:

It’s not a new or trendy piece of advice but it’s as important now as it always was: keep your systems updated to protect against security vulnerabilities.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read