Slashdot Mirror

← Back to Stories (view on slashdot.org)

Multifunction Printers — The Forgotten Security Risk?

Posted by ScuttleMonkey on from the just-start-with-locks-on-the-doors dept.

eweekhickins writes to share an article in eWeek highlighting the forgotten risks that a multifunction printer could possibly offer. Brendan O'Connor first called attention to the vulnerabilities of these new devices at a Black Hat talk in '06 and warns that these are no longer "dumb" machine sitting in the corner and should be treated with their own respective security strategy. "During his Black Hat presentation in 2006, O'Connor picked apart the security model of a Xerox WorkCentre MFP, showing how the device operated more like a low-end server or workstation than a copier or printer--complete with an AMD processor, 256MB of SDRAM and an 80GB hard drive and running Linux, Apache and PostGreSQL. He showed how the authentication on the device's Web interface can be easily bypassed to launch commands to completely hijack a new Xerox WorkCentre machine."

1 of 153 comments (clear)

  1. ABout time by geekoid · · Score: 0, Redundant

    when I did security work, the number one way to get into their systems was via printers.
    Nothing like sitting down and be into a banks system in less then 30 seconds.

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect