Some of the most popular printers in use today could be putting users at risk due to serious security vulnerabilities.
The vulnerabilities were uncovered after the team tested multiple aspects of six mid-range enterprise printers including web application and web services, firmware and update capabilities and hardware analysis.
- Printer security a major worry in the education sector
- Sharp boosts printer security with new launches
- Your printer: it's a vulnerable, connected device
The team tested printers from HP, Ricoh, Xerox, Lexmark, Kyocera and Brother using basic tools to reveal a wide range of vulnerabilities with some emerging almost instantly.
If the vulnerabilities were exploited by attackers, the potential impact could range from denial of service attacks that could cause the printers to crash, backdoors that would allow attackers to maintain a hidden presence on an enterprise network or even the ability to spy on every print job sent and to send print jobs through to unauthorized parties.
Thankfully though, all of the vulnerabilities discovered by NCC Group have either been patched or will be in the near future. However, the firm is advising all system administrators to update all vulnerable printers with the latest firmware and to monitor further updates.
Research director at the NCC Group, Matt Lewis provided additional insight on the researchers' findings, saying:
“Because printers have been around for so long, they’re not seen as enterprise IoT devices—but they’re embedded in corporate networks and therefore pose a significant risk. Building security into the development lifecycle would mitigate most if not all of these vulnerabilities."
"It’s very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides and regularly updating firmware.”
In a statement to TechRadar Pro, HP said the company, "has posted firmware updates to address potential vulnerabilities to some of its Color LaserJet series."
"HP encourages customers to keep their systems updated to protect against vulnerabilities. "
- We've also highlighted the best printers of 2019