Slashdot Mirror

← Back to Stories (view on slashdot.org)

Printers Vulnerable To Security Threats

Posted by kdawson on from the infected-my-what? dept.

jcatcw writes "Networked printers are more vulnerable to attack than many organizations realize. Symantec has logged vulnerabilities in five brands of network printers. Printers outside firewalls, for ease of remote printing, may also be open to easy remote code execution. They can be possible launching pads for attacks on the rest of the network. Disabling services that aren't needed and keeping up with patches are first steps to securing them." From the article: "Security experts say that printers are loaded with more complex applications than ever, running every vulnerable service imaginable, with little or no risk management or oversight.... [N]etworked printers need to be treated like servers or workstations for security purposes — not like dumb peripherals."

1 of 173 comments (clear)

  1. HP Isn't the only brand by howlinmonkey · · Score: 5, Informative

    I work in the networked printer/multifunction industry. While HP is popular on desktops, other brands are gaining, and rule in the 50ppm+ arena. These devices come from other vendors like Canon, Sharp, Kyocera and Xerox. These multifunction devices provide scan, fax and print services and run a variety of OS's from VxWorks to Solaris. Yes Johnny, that means Windows XP embedded as well. Although I have to say, I haven't seen a DOS based controller in about 6 years.

    We routinely receive questions about security, and help patch and configure these boxes to meet network security requirements as closely as possible. Unfortunately, we have limited access to the core OS, so we go as far as we can and workaround the rest. Many vendors, especially those using Windows, provide controller patches with security fixes included. EFI even allows an admin to RDP in and use Windows Update to keep current

    These devices aren't perfect, but they have come a long way. That being said, if you haven't heard about this in the past, you have no business being in charge of network security. Multifunction devices today are just as powerful as your desktops and servers, running the same software. Admin control is limited, and vulnerabilities are a reality - note the recent Xerox vulnerability

    I would say it is important to stay in contact with your local vendor/dealer to stay on top of these issues. We work with these products everyday, and receive regular notices about security issues and solutions, not to mention a wide variety of other product data. We are a resource, just like any other outside consultant, to help you get and stay secure.