Multifunction Printers — The Forgotten Security Risk?

eweekhickins writes to share an article in eWeek highlighting the forgotten risks that a multifunction printer could possibly offer. Brendan O'Connor first called attention to the vulnerabilities of these new devices at a Black Hat talk in '06 and warns that these are no longer "dumb" machine sitting in the corner and should be treated with their own respective security strategy. "During his Black Hat presentation in 2006, O'Connor picked apart the security model of a Xerox WorkCentre MFP, showing how the device operated more like a low-end server or workstation than a copier or printer--complete with an AMD processor, 256MB of SDRAM and an 80GB hard drive and running Linux, Apache and PostGreSQL. He showed how the authentication on the device's Web interface can be easily bypassed to launch commands to completely hijack a new Xerox WorkCentre machine."

Re:It ain't news.

[flink]

Many larger/more sophisticated printers these days have a "print to mailbox" option that causes the document to remain spooled on the printer indefinitely instead of immediately printed. You have to be physically at the printer and enter your user ID and PIN to start your print job. So that mitigates the hanging around the printer attack, still doesn't help if the printer gets r00ted though.

Re:First virus

[Trogre]

It means that some moron has sent a job to the printer in US Letter again. Just hit OK to have it print from the A4 tray.