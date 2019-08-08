Weak links would allow machines and corporate access to be seriously compromised

Researchers at NCC Group, the global cyber security and risk mitigation specialist, have uncovered significant vulnerabilities in six commonly used enterprise printers, highlighting the vast attack surface that can be presented by internet-connected printers. The team tested multiple aspects of six mid-range enterprise printers, including web application and web services, firmware and update capabilities, along with hardware analysis. The printers-manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera and Brother-were tested using basic tools, some dating back 40 years. The research uncovered a wide range of vulnerabilities, including some that emerged almost instantly.

The findings, which will be presented by NCC Group at DEF CON, Hack in the Box and 44Con, range in severity, but the potential impact ranges from denial of service attacks that could cause the printers to crash, backdoors within compromised printers to maintain a hidden presence on the network, and the ability to spy on every print job sent and send print jobs through to unauthorised parties.

All of the vulnerabilities discovered have either been patched, or will be. System administrators are advised to update all vulnerable printers with the latest firmware, and monitor further updates.

"Because printers have been around for so long, they're not seen as enterprise IoT devices-but they're embedded in corporate networks and therefore pose a significant risk," said Matt Lewis, research director at NCC Group. "Building security into the development lifecycle would mitigate most if not all of these vulnerabilities. It's very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware."

The research team was made up of Daniel Romero, managing security consultant and research lead, and Mario Rivas, security consultant at NCC Group.

The printers tested are listed below:

HP Color LaserJet Pro MFP M281fdw

Ricoh SP C250DN

Xerox Phaser 3320

Brother HL-L8360CDW

Lexmark CX310DN

Kyocera Ecosys M5526cdw

The technical advisories and CVE details can be found below:

HP: https://www.nccgroup.trust/uk/our-research/technical-advisories-multiple-vulnerabilities-in-HP-printers/?research=Technical+advisories

Lexmark: https://www.nccgroup.trust/uk/our-research/technical-advisory-multiple-vulnerabilities-in-lexmark-printers/?research=Technical+advisories

Xerox: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/

Kyocera: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-kyocera-printers/

Brother: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-brother-printers/

Ricoh: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

