2 min read

Patch your internet-connected printer! Serious vulnerabilities discovered

Graham CLULEY

August 13, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Patch your internet-connected printer! Serious vulnerabilities discovered

When you think of IoT chances are that you may picture all manner of gadgets and gizmos: ranging from smart doorbells which let you vet your visitors, to light bulbs which can change their hue with a simple click of an app, to hair straighteners that let you remotely control their temperature.

But there is some technology which has been connected to networks for many years longer, that many users may so comfortably view as “part of the furniture” that it can be easily forgotten that they are also part of the Internet of Things. Such as printers.

Printers, just like any other IoT-enabled device, need to be secured, and updated with the latest firmware and patches to prevent a successful hacker attack.

That’s the message which comes through loud and clear following the announcement by security researchers at NCC Group that they had uncovered multiple security holes in printers manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera, and Brother.

The wide range of vulnerabilities could be exploited by malicious attackers to cause printers to crash, or – potentially more seriously – open backdoors to corporate networks, spy on print jobs, or even send sensitive printouts to unauthorised parties.

Specifically, NCC Group tested the HP Color LaserJet Pro MFP M281fdw, Ricoh SP C250DN, Xerox Phaser 3320, Brother HL-L8360CDW, Lexmark CX310DN, and the Kyocera Ecosys M5526cdw. But it’s possible similar vulnerabilities existed – or may even still exist – in other models.

Thankfully the researchers informed the printer manufacturers about the flaws, prompting them to produce security patches and firmware updates to secure the affected devices from further exploitation. But one has to wonder if the researchers had not investigated the flaws, whether they would have gone unnoticed by the good guys for years to come – and only perhaps uncovered by malicious hackers.

“Because printers have been around for so long, they’re not seen as enterprise IoT devices – but they’re embedded in corporate networks and therefore pose a significant risk,” Matt Lewis, research director at NCC Group, said in a press release announcing the findings. “Building security into the development lifecycle would mitigate most if not all of these vulnerabilities. It’s very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware.”

The affected manufacturers have posted advisories about the vulnerabilities alongside links to their respective patches:

It’s not a new or trendy piece of advice but it’s as important now as it always was: keep your systems updated to protect against security vulnerabilities.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet More than 50,000 People Affected by US Cellular Data Breach; Leaked Info Hits the Internet
Silviu STAHIE

February 08, 2023

1 min read
Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns Russian Threat Actor Targets Ukraine Ministry and Polish Police in Similar Campaigns
Silviu STAHIE

February 06, 2023

1 min read
U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine U.S. Department of Health and Human Services Hits ‘Banner Health’ with $1.25 Million Fine
Silviu STAHIE

February 03, 2023

1 min read