Multifunction Printers — The Forgotten Security Risk?

← Back to Stories (view on slashdot.org)

Multifunction Printers — The Forgotten Security Risk?

Posted by ScuttleMonkey on Wednesday February 13, 2008 @09:47AM from the just-start-with-locks-on-the-doors dept.

eweekhickins writes to share an article in eWeek highlighting the forgotten risks that a multifunction printer could possibly offer. Brendan O'Connor first called attention to the vulnerabilities of these new devices at a Black Hat talk in '06 and warns that these are no longer "dumb" machine sitting in the corner and should be treated with their own respective security strategy. "During his Black Hat presentation in 2006, O'Connor picked apart the security model of a Xerox WorkCentre MFP, showing how the device operated more like a low-end server or workstation than a copier or printer--complete with an AMD processor, 256MB of SDRAM and an 80GB hard drive and running Linux, Apache and PostGreSQL. He showed how the authentication on the device's Web interface can be easily bypassed to launch commands to completely hijack a new Xerox WorkCentre machine."

8 of 153 comments (clear)

Min score:

Reason:

Sort:

So what's the potential threat? by daveywest · 2008-02-13 09:50 · Score: 5, Funny

Are we going to have a bot net of machines that print our spam for us?
1. Re:So what's the potential threat? by Adriax · 2008-02-13 09:52 · Score: 4, Funny
  
  Fear the Goatse printer virus.
  
  --
  I don't suffer from insanity, I enjoy every minute of it!
2. Re:So what's the potential threat? by AuMatar · 2008-02-13 10:00 · Score: 4, Funny
  
  No, they print out a ransom note, demanding $1,000,000,000 or they'll print out all our spam. Management will pay, because at the current cost of ink the billion is cheap.
  
  --
  I still have more fans than freaks. WTF is wrong with you people?
Fool the black hats! by EmbeddedJanitor · 2008-02-13 09:53 · Score: 5, Funny

Remove the toner from the printer and you only get white hats.

--
Engineering is the art of compromise.
At my work (a bank)... by netsavior · 2008-02-13 10:45 · Score: 4, Funny

We have a $45,000 high quality high volume scan/printer that is a paperweight.

They purchased it for scanning confidential documents. The hitch is that there is only 1 way to get documents off of this printer: A public non-protected network share... This is basically against the law for a bank.

I suggested that I could set up a private network and they could securely upload docs to the proper place with the right security, however that plan was nixed for being "non-standard"
The result is that now they consult me when buying a pencil sharpener because they don't know how it will affect network security.
Re:First virus by arth1 · 2008-02-13 11:02 · Score: 4, Funny

Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin".
Re:ABout time by GNU(slash)Nickname · 2008-02-13 12:00 · Score: 4, Funny

I doubt the banks DNS is going to give the laptop an IP Yep, pretty sure you're right about that.
Re:First virus by Anonymous Coward · 2008-02-13 12:25 · Score: 4, Funny

"Dunno if it was the first network printer hack, but I remember having great fun telnetting to our networked printers more than a decade ago, making the tiny LCD display say "Insert Coin"."

Fun for you, sure. YOU didn't have to clean the coins out of the gears.