Printers Remain a Significant Network Threat
Nearly 50 vulnerabilities were found in printers from the top six brands…
An article review.
You’re aware of phishing scams, you don’t open e-mail attachments you weren’t expecting to receive, your virus definitions are updated regularly and you don’t connect to unsecured wifi networks…but when was the last time you thought about your printer? A report on nearly 50 vulnerabilities discovered in six major printer brands—submitted by our friend Wes Pollard—suggests these devices are worthy of your attention as well.
With subjects like ransomware and the rise of internet-of-things devices taking much of the spotlight in the security world, many people overlook the humble printer…a device that can be considered a networked server itself. Considering this, it should come as no surprise that security firm NCC Group was able to uncover 49 vulnerabilities when they looked at a number of popular enterprise printers. These vulnerabilities ranged from minor annoyances to major threats–including remote code execution–which could in theory be used to mount attacks on other network resources.
The good news is that each of the manufacturers in the report had patched their vulnerabilities by the time the article was published, which suggests the manufacturers take the issue of security seriously and respond quickly to threats. Even still, firmware updates require someone to download and install them on the impacted devices, and as many of us know all too well that sometimes never gets done.
Finally, to help mitigate the threat posed by networked printers, the authors of the report suggest corporations take basic steps such as changing default passwords and settings, following secure configuration guides and regularly updating the device’s firmware.
Original article by Robert Lemos writing for Dark Reading.