MFP PRINTERS CAN BE HACKED !

  • ncc-banner-902-x-177-june-2017
  • cartridgewebsite-com-big-banner-02-09-07-2016
  • clover-depot-intl-us-ca-email-signature-05-10-2017-902x1772
  • banner-01-26-17b
  • mse-big-banner-new-03-17-2016-416716a-tonernews-web-banner-mse-212
  • Print
  • 4toner4
  • 05 02 2016 429716a-cig-clearchoice-banner-902x177
  • ces_web_banner_toner_news_902x1776
  • 2toner1-2
Share

MFP PRINTERS CAN BE HACKED !

 user 2006-08-08 at 11:41:00 am Views: 62
  • #16033

    Printers a weak link in network security
    LAS
    VEGAS–The multifunction printers found in many offices are not dumb
    devices, but are computers that can be hacked, a security expert has
    warned.In a presentation at the Black Hat security conference, Brendan
    O’Connor, a security expert at an unnamed U.S. financial company,
    showed how he could gain control over a Xerox device and wreak all
    kinds of havoc”Stop treating them as printers. Treat them as servers,
    as workstations,” O’Connor said in his presentation on Thursday.
    Printers should be part of a company’s patch program and be carefully
    managed, not forgotten by IT and handled by the most junior person on
    staff, he said,In the case of the Xerox system, O’Connor said the
    multifunction device was, in essence, a Linux server. He was able to
    exploit a weakness in the security of the device and gain full control
    of the machine. O’Connor noted that he also looked at devices from
    other manufacturers and found similar security faults, but did not list
    any names.Once a printer was under his control, O’Connor said he would
    be able to use it to map an organization’s internal network–a
    situation that could help stage further attacks. The breach gave him
    access to any of the information printed, copied or faxed from the
    device. He could also change the internal job counter–which can
    reduce, or increase, a company’s bill if the device is leased, he
    said.The printer break-in also enables a number of practical jokes,
    such as sending print and scan jobs to arbitrary workers’ desktops,
    O’Connor said. Also, devices could be programmed to include, for
    example, an image of a paper clip on every print, fax or copy,
    ultimately driving office staffers to take the machine apart looking
    for the paper clip.One of the weaknesses in the Xerox system is an
    unsecured boot loader, the technology that loads the basic software on
    the device, O’Connor said. Other flaws lie in the device’s Web
    interface and in the availability of services such as the Simple
    Network Management Protocol and Telnet, he said.O’Connor informed Xerox
    of the problems in January. The company did issue a fix for its
    WorkCentre 200 series, it said in a statement. “Thanks to Brendan’s
    efforts, we were able to post a patch for our customers in mid-January
    which fixes the issues,” a Xerox representative said in an e-mailed
    statement.However, O’Connor believes the fix is inadequate, and
    therefore he decided to make the presentation at Black Hat. The threat
    is real, even though printers are mostly on internal networks, he said.
    “There is always the insider threat,” O’Connor said.