Is your office printer putting your business at risk of attack?

(Image credit: TeroVesalainen / Pixabay)

Some of the most popular printers in use today could be putting users at risk due to serious security vulnerabilities.

Researchers at the NCC Group have discovered significant vulnerabilities in six commonly used enterprise printers which could open up organizations to potential attacks and data breaches.

The vulnerabilities were uncovered after the team tested multiple aspects of six mid-range enterprise printers including web application and web services, firmware and update capabilities and hardware analysis.

The team tested printers from HP, Ricoh, Xerox, Lexmark, Kyocera and Brother using basic tools to reveal a wide range of vulnerabilities with some emerging almost instantly.

Internet-connected printers

If the vulnerabilities were exploited by attackers, the potential impact could range from denial of service attacks that could cause the printers to crash, backdoors that would allow attackers to maintain a hidden presence on an enterprise network or even the ability to spy on every print job sent and to send print jobs through to unauthorized parties.

Thankfully though, all of the vulnerabilities discovered by NCC Group have either been patched or will be in the near future. However, the firm is advising all system administrators to update all vulnerable printers with the latest firmware and to monitor further updates.

Research director at the NCC Group, Matt Lewis provided additional insight on the researchers' findings, saying:

“Because printers have been around for so long, they’re not seen as enterprise IoT devices—but they’re embedded in corporate networks and therefore pose a significant risk. Building security into the development lifecycle would mitigate most if not all of these vulnerabilities."

"It’s very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware.” 

In a statement to TechRadar Pro, HP said the company, "has posted firmware updates to address potential vulnerabilities to some of its Color LaserJet series."

"HP encourages customers to keep their systems updated to protect against vulnerabilities. "