Slashdot Mirror


Multifunction Printers — The Forgotten Security Risk?

eweekhickins writes to share an article in eWeek highlighting the forgotten risks that a multifunction printer could possibly offer. Brendan O'Connor first called attention to the vulnerabilities of these new devices at a Black Hat talk in '06 and warns that these are no longer "dumb" machines sitting in the corner and should be treated with their own respective security strategy. "During his Black Hat presentation in 2006, O'Connor picked apart the security model of a Xerox WorkCentre MFP, showing how the device operated more like a low-end server or workstation than a copier or printer--complete with an AMD processor, 256MB of SDRAM and an 80GB hard drive and running Linux, Apache and PostgreSQL. He showed how the authentication on the device's Web interface can be easily bypassed to launch commands to completely hijack a new Xerox WorkCentre machine."

19 of 153 comments

  1. So what's the potential threat? by daveywest · · Score: 5, Funny

    Are we going to have a bot net of machines that print our spam for us?

    1. Re:So what's the potential threat? by Adriax · · Score: 4, Funny

      Fear the Goatse printer virus.

      --
      I don't suffer from insanity, I enjoy every minute of it!
    2. Re:So what's the potential threat? by AuMatar · · Score: 4, Funny

      No, they print out a ransom note, demanding $1,000,000,000 or they'll print out all our spam. Management will pay, because at the current cost of ink the billion is cheap.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    3. Re:So what's the potential threat? by whoever57 · · Score: 3, Funny

      Fear the Goatse printer virus.
      Oh, that is just pure evil! Imagine a printer that randomly inserted a small number of Goatse pages in its output.
      --
      The real "Libtards" are the Libertarians!
  2. Fool the black hats! by EmbeddedJanitor · · Score: 5, Funny

    Remove the toner from the printer and you only get white hats.

    --
    Engineering is the art of compromise.
  3. Hit it, The Paper by Digi-John · · Score: 3, Funny

    My dot-matrix parallel printer will never turn on me like that!
    Screeeeeeeech

    --
    Klingon programs don't timeshare, they battle for supremacy.
    1. Re:Hit it, The Paper by that this is not und · · Score: 2, Funny

      My favorite Dot Matrix printer was this big behemoth GE Terminet printer that I had full command of years back. I was writing Assembly Language code for 4-bit embedded controllers and had taken it for my very own, attached to the '286 machine I had glommed onto at the time. It was many-pages-per-minute fast. It would hurl paper up into the air when doing multiple page ejects. In fact, if you turned the PC off before the printer, for some odd reason the printer would interpret the signal on the cable as being infinite-page-ejects. It could throw many feet of paper up into the air before you could get to it to turn it off.

      It was, needless to say, quite a _fine_ printer.

  4. Re:Weakest Link by gotzero · · Score: 3, Funny

    Thankfully, all of the multi-function print centers I have at my job are never working long enough at one time to get hijacked. Maybe the horrible up-times were a gift from the manufacturers to prevent these attacks!

  5. Lol by Anonymous Coward · · Score: 2, Funny

    Im in ur bulbs, givin u seezures.

  6. Re:So what? by nih · · Score: 2, Funny

    At our institution, machines have unique names, unique passwords
    Yes, I'm sure they do, now stop worrying and calm down, the doctor will be here any second
    --
    I'm a rabbit startled by the headlights of life :(
  7. At my work (a bank)... by netsavior · · Score: 4, Funny

    We have a $45,000 high quality high volume scan/printer that is a paperweight.

    They purchased it for scanning confidential documents. The hitch is that there is only 1 way to get documents off of this printer: A public non-protected network share... This is basically against the law for a bank.

    I suggested that I could set up a private network and they could securely upload docs to the proper place with the right security, however that plan was nixed for being "non-standard".
    The result is that now they consult me when buying a pencil sharpener because they don't know how it will affect network security.

  8. Re:First virus by arth1 · · Score: 4, Funny

    Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin".

  9. Re:First virus by Mister Liberty · · Score: 3, Funny

    Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin".
    You should have made that 'Sugar Y/N/Double'


  10. Re:ABout time by GNU(slash)Nickname · · Score: 4, Funny

    I doubt the bank's DNS is going to give the laptop an IP
    Yep, pretty sure you're right about that.
  11. Re:First virus by Anonymous Coward · · Score: 4, Funny

    "Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin"."

    Fun for you, sure. YOU didn't have to clean the coins out of the gears.

  12. Re:First virus by |Cozmo| · · Score: 3, Funny

    That's awesome. I did something similar to the VeriFone credit card machine at my first job. I changed the "swipe card" prompt to say "access denied" and everyone thought the machine was broken. They didn't think it was nearly as funny as I did.

  13. AV by fester2001 · · Score: 2, Funny

    Upgrade now to Norton Anti virus 2008 to ensure your printer is safe.

  14. I DID THIS! by Cyno01 · · Score: 2, Funny

    Sort of. After a power outage, I hadn't rebuilt the settings on my wireless router. One day I went into my network places and there were a few new folders in there, as well as another shared printer. Checked the logs and sure enough "ScottsLaptop" or somebody was leeching my wireless. My own fault for not re-securing it, but I still printed several pages of goatse on his shared printer before I booted him off my network. Not really related at all, but a mildly amusing network printer story if there ever were such a thing.

    --
    "Sic Semper Tyrannosaurus Rex."
  15. Re:pr0n print by Hyperspite · · Score: 2, Funny

    Well? What did the department do with it? You can't just waste that...