Printers Vulnerable To Security Threats

← Back to Stories (view on slashdot.org)

Printers Vulnerable To Security Threats

Posted by kdawson on Thursday January 18, 2007 @04:18AM from the infected-my-what? dept.

jcatcw writes "Networked printers are more vulnerable to attack than many organizations realize. Symantec has logged vulnerabilities in five brands of network printers. Printers outside firewalls, for ease of remote printing, may also be open to easy remote code execution. They can be possible launching pads for attacks on the rest of the network. Disabling services that aren't needed and keeping up with patches are first steps to securing them." From the article: "Security experts say that printers are loaded with more complex applications than ever, running every vulnerable service imaginable, with little or no risk management or oversight.... [N]etworked printers need to be treated like servers or workstations for security purposes — not like dumb peripherals."

7 of 173 comments (clear)

Min score:

Reason:

Sort:

Re:Try it out by Anonymous+Monkey · 2007-01-18 04:29 · Score: 4, Insightful

What most people don't get is that that cute, slim-line print kit that they slid in the back of there copy machine is, in fact, made out of lap top parts and running DOS. Any multifunction print system is a computer with a printer & scanner attached, and should be treated thusly.

--
We are the Borg...
Isn't anything on the network a vulnerability? by 192939495969798999 · 2007-01-18 04:34 · Score: 3, Insightful

I figure it's safer to assume that anything connected to the network could be an attack point. If you have a network toy like some light-up furby that connects to the network and changes color based on packet throughput, that thing probably has no security whatsoever on it (even assuming it has embedded linux or something).

--
stuff |
firewall by bfields · 2007-01-18 04:52 · Score: 2, Insightful

Printers outside firewalls, for ease of remote printing, may also be open to easy remote code execution.

Unlike, of course, printers behind firewalls, which are not at all open to remote code execution, since there's no chance that anything attached to the firewalled network will ever be hacked. Ah, the magic of the firewall.
1. Re:firewall by Anonymous Coward · 2007-01-18 05:45 · Score: 1, Insightful
  
  Unless a PC gets infected and allows somebody to tunnel in and get access to everything inside the network.
Re:Unless... by AndroidCat · 2007-01-18 05:10 · Score: 2, Insightful

And if you had some search engine toolbar installed, and printer was visible to the outside, its config page was probably snitched to the rest of the world.

--
One line blog. I hear that they're called Twitters now.
Re:Try it out by soft_guy · 2007-01-18 05:28 · Score: 3, Insightful

I really don't get this-- why? Why would you put your printer outside your firewall? So you can print from the internet? What's the point?
The point is that these printers aren't being configured this way on purpose - people plug them and and dick with them randomly until they get a document to physically come out of the printer. Then they walk away from it and never think about it again until it runs out of toner.

--
Avoid Missing Ball for High Score
Re:Campus Printers by afidel · 2007-01-18 07:16 · Score: 4, Insightful

The LPT/USB port isn't usually disabled, so just hook up a cable and print =)

--
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.