Is your office printer putting your business at risk of attack?
Dozens of vulnerabilities discovered in six popular enterprise printers
Some of the most popular printers in use today could be putting users at risk due to serious security vulnerabilities.
Researchers at the NCC Group have discovered significant vulnerabilities in six commonly used enterprise printers which could open up organizations to potential attacks and data breaches.
The vulnerabilities were uncovered after the team tested multiple aspects of six mid-range enterprise printers including web application and web services, firmware and update capabilities and hardware analysis.
- Printer security a major worry in the education sector
- Sharp boosts printer security with new launches
- Your printer: it's a vulnerable, connected device
The team tested printers from HP, Ricoh, Xerox, Lexmark, Kyocera and Brother using basic tools to reveal a wide range of vulnerabilities with some emerging almost instantly.
Internet-connected printers
If the vulnerabilities were exploited by attackers, the potential impact could range from denial of service attacks that could cause the printers to crash, backdoors that would allow attackers to maintain a hidden presence on an enterprise network or even the ability to spy on every print job sent and to send print jobs through to unauthorized parties.
Thankfully though, all of the vulnerabilities discovered by NCC Group have either been patched or will be in the near future. However, the firm is advising all system administrators to update all vulnerable printers with the latest firmware and to monitor further updates.
Research director at the NCC Group, Matt Lewis provided additional insight on the researchers' findings, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Because printers have been around for so long, they’re not seen as enterprise IoT devices—but they’re embedded in corporate networks and therefore pose a significant risk. Building security into the development lifecycle would mitigate most if not all of these vulnerabilities."
"It’s very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware.”
In a statement to TechRadar Pro, HP said the company, "has posted firmware updates to address potential vulnerabilities to some of its Color LaserJet series."
"HP encourages customers to keep their systems updated to protect against vulnerabilities. "
- We've also highlighted the best printers of 2019
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.