Slashdot Mirror

← Back to Stories (view on slashdot.org)

Printers Vulnerable To Security Threats

Posted by kdawson on from the infected-my-what? dept.

jcatcw writes "Networked printers are more vulnerable to attack than many organizations realize. Symantec has logged vulnerabilities in five brands of network printers. Printers outside firewalls, for ease of remote printing, may also be open to easy remote code execution. They can be possible launching pads for attacks on the rest of the network. Disabling services that aren't needed and keeping up with patches are first steps to securing them." From the article: "Security experts say that printers are loaded with more complex applications than ever, running every vulnerable service imaginable, with little or no risk management or oversight.... [N]etworked printers need to be treated like servers or workstations for security purposes — not like dumb peripherals."

14 of 173 comments (clear)

  1. Try it out by delirium+of+disorder · · Score: 5, Interesting

    Over the past several years, if you did a random port scan of the Internet (nmap -iR) the majority of open telnet (tcp port 23) servers were print servers that let you telnet in and change all sorts of settings.

    --
    ------ Take away the right to say fuck and you take away the right to say fuck the government.
    1. Re:Try it out by advocate_one · · Score: 3, Interesting

      More likely a stripped down Linux... I assisted a service agent a couple of years ago and the fancy photocopier, scanner, faxer, emailer (it could scan and send the scans as emails... very useful) beast showed a Linux boot up sequence while booting into safe mode (he knew the secret jumper to set for this mode)... Also, my HP PSC1350 is running Linux, I know this because when I was installing Debian on my computer a few months ago, I had the printer connected and powered up and the Debian installer wanted to know if I wanted to install debian onto the ext2 partition it had found on the printer (connected via USB). I was rather surprised and thankfully I hadn't blindly accepted it.

      --
      Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
    2. Re:Try it out by Mister+Whirly · · Score: 2, Interesting

      If I find an open printer with out an admin password set, I generally will go in and keep changing the language to Portuguese or German on the control panel. It is mostly harmless, and points out the fact that someone can go in and easily change their settings. Some control panels even let you display a custom message. On those I have it read "CHANGE YOUR ADMIN PASSWORD NOW!" or "I AM NOT SECURE!"

      --
      "But this one goes to 11!"
  2. Happened before by CapitalT · · Score: 2, Interesting

    Anyone remember the story about the guy who wrote a "visual basic" virus to send the O RLY owl to all printers in the company?

    Maybe we'll see a lot of these coming, it'll be fun *hee hee hee* {devilish laugh}. I don't have a printer }:-]

    --
    Syllable 0.62 is here at last!!!
  3. Re:What are they going to do... by Calinous · · Score: 2, Interesting

    Taking a snapshot of everything that is printed, and mail it to an interesting party?
    Altering what is printed? Change amounts on printed spreadsheets, change destination for item transfers, and other "creative uses"

  4. Re:Identifying viruses by chunews · · Score: 2, Interesting

    In my experience, that virus - printing page after page of funny characters - is a human one, from someone trying to print a PCL formatted file to a PostScript printer or vice versa.

  5. Campus Printers by cpearson · · Score: 4, Interesting

    On many if not most college campuses the printers are administered and accounted for my a system tied to a student id. Each student can get so many free prints per semester and can pay per print after exceeding that. Malicious code executing on a print server could sniff all the student accounts accessing the printer.

    http://www.vistahelpforum.com/

    --
    Windows Vista Help Forum
  6. This is what happened to Iraq. by darkmeridian · · Score: 3, Interesting

    Laugh if you want, but this was what happened to Iraq on the eve of the Gulf War. A modified printer was put onto their defense computer network by an Allied operative. Right when the air war started, the bug fired up and brought down the network. Just because a threat sounds outlandish does not mean it isn't a real threat.

    (The story was recounted in The Generals' War.)

    --
    A NYC lawyer blogs. http://www.chuangblog.com/
  7. How FUDtastic!!! by Anonymous Coward · · Score: 2, Interesting

    Symantec is really grasping at straws here. In the age of internet security, why anyone would put a printer outside the firewall is too far beyond me to comprehend. Any firewall admin should be able to put rules in place for remote printing. And for that matter, why does any one need to remotely print? Anybody heard of email? Ol' deskjet at home too slow? Users in the office too lazy? Too many pebcak errors? Remote printing may be the most worthless of the worthless network setups. Also, why are people not using external secure computing devices. This stuff is not that expensive for the return it gives.
    Symantec is quaking in its boots and instead of shouting fire in a theater they should be looking at what they have and capitalizing on it. Why else would they buy Veritas? I'm sure it wasn't because it they wanted to add AV to it.

  8. Toner and Ink Cartridge companies look to exploit. by Radon360 · · Score: 2, Interesting

    Imagine those companies that sell expensive toner and ink cartridges pairing up with someone to write some malicious code to burn through your printing supplies faster.

    It won't be long before you hear about something like the "Page_Blackout" or "Toner_Drain" worm.

  9. Re:Unless... by Jeremiah+Cornelius · · Score: 4, Interesting

    We used these REGULARLY to exploit banks, in our testing.

    The high-end HPs had both harddisk, and a JVM with listening socket on port 80. WHeee!

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  10. Re:This is news? by Anonymous Coward · · Score: 2, Interesting

    It seems like an innocent trick, but I once cost a company thousands. They had one printer that was cleared by the NSA for printing classified documents -- it didn't store the things it printed in RAM, or it had some approved method of obfuscating its RAM, or some shit.

    I started dicking around with the PCL "ready" message, and they realized that it COULD store data -- in the "ready" message.

    New printer, ahoy!

  11. Hacking Embedded Network Systems by nuckfuts · · Score: 3, Interesting

    FX of Phenoelit gave an amazing talk on this at CanSecWest/core03 back in 2003 that outlined how to turn a JetDirect printer into a webserver, fileserver or even a port scanner! We all had a huge chuckle at the thought of someone tracking down a port scanner on the network only to find it was coming from an HP printer.

    The entire presentation is still available online in both PDF and PPT format.

    The tools used to hack the printers are available here.

  12. Re:Unless... by FooAtWFU · · Score: 4, Interesting
    My school, before the Great Firewalling of its network a few years ago, had its printers open to the whole Internet. Apparently someone hacked into one and used it as an FTP server for warez and porn. And it still worked as a printer. :)

    Of course, this also means that I can't stick up a website for the world from my laptop anymore, either. =/ Ah well.

    --
    The World Wide Web is dying. Soon, we shall have only the Internet.