Def Con: Printers are insecure
The printer is behaving strangely: normal office routine. It is doing this because it has been hacked: rather unusual. But not so far-fetched, as two security experts demonstrated at Def Con.
The official task of office printers is printing. They also have the commendable task of slowing down the hectic pace of everyday life by creating queues and paper jams, going offline for unknown reasons or requesting a rare spare part via an error message.
As heise.de reports, printers not only behave strangely of their own accord, but can also be made to do so from the outside. They have numerous security vulnerabilities. This was demonstrated by two IT security experts from the NCC Group at Def Con 27. Using purely automated tests, they found 50 security vulnerabilities in the printer firmware of various manufacturers within a short space of time. Some of these are dangerous: they enable remote control without authentication.
The manufacturers have since reacted, but some of the security vulnerabilities are still unpatched. However, the fact that printers pose a security problem is not just the fault of the manufacturers, say the experts. Firmware updates are neglected by the IT departments of many companies. While the security risks of IoT devices, such as surveillance cameras, are now generally known, printers are hardly noticed, even though they are practically always connected to the company network. The researchers suspect psychological reasons: Printers have simply been around for decades and are therefore not seen as dangerous IoT attack points, . Here are the devices tested and the links to the security problems found. As you can see, various other models are also affected. For Brother, there are over 300 models in total. A security update is now available for all of them.
- HP Colour LastJet Pro MFP M281fdw
- Ricoh SP C250DN
- Xerox Phaser 3320
- Brother HL-L8360CDW
- Lexmark CX310DN
- Kyocera Ecosys M5526cdw
My interest in IT and writing landed me in tech journalism early on (2000). I want to know how we can use technology without being used. Outside of the office, I’m a keen musician who makes up for lacking talent with excessive enthusiasm.