Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/9/2019
01:00 PM
50%
50%

Significant Vulnerabilities Found in 6 Common Printer Brands

In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.

A pair of researchers conducting a six-month survey of popular business printers discovered 49 vulnerabilities in the drivers and software running on the devices. Some of the issues could be remotely exploited to run code on the corporate technology, security firm NCC Group said on August 8.

The research, conducted by NCC researchers Mario Rivas and Daniel Romero, uncovered issues as mild as denial-of-service vulnerabilities and as serious as buffer overflows that could lead to remote code execution. The researchers notified the makers of the affected printers — from Brother, HP, Kyocera, Lexmark, Ricoh and Xerox — of the issues in February, and every manufacturer has patched the issues, NCC stated.

The researchers will walk hackers through their research — including threat modeling and how attackers could use printers to maintain persistence in a corporate network — at the DEF CON hacking conference in Las Vegas this weekend.

"Because printers have been around for so long, they're not seen as enterprise IoT devices — but they're embedded in corporate networks and therefore pose a significant risk," Matt Lewis, research director at NCC Group, said in a statement. "Building security into the development life cycle would mitigate most if not all of these vulnerabilities."

Printers have long been a target of vulnerability researchers and hackers. At the Black Hat Security Briefings in 2002, two security researchers demonstrated that HP printers could be remotely exploited using security weaknesses in a variety of access methods. In 2017, a graduate thesis presented a survey of the security flaws in printers and multifunction devices, identifying more than 125 printer vulnerabilities in the National Vulnerability Database dating back nearly 20 years.

Increasingly, printers are grouped into the broader class of Internet of Things (IoT) devices that can expose companies to attack.

"Printers are commonly overlooked as devices that just 'print' and not as the network devices they are, which implement a lot of capabilities and store really sensitive information — not only documents, but also domain credentials and other secrets," Romero and Rivas said in an e-mail interview. "For this reason, we think that they are very interesting targets for attackers using them as the front door to compromise an organization."

Using some custom automated tools, the NCC Group research uncovered 49 vulnerabilities, as identified by their Common Vulnerability Enumeration (CVE) numbers. The researchers made extensive use of protocol fuzzing and plan to discuss one of their fuzzers at their DEF CON talk.

"We focused our research on [certain] attack surfaces, such as specific printer protocols, services, or implementations," the researchers told Dark Reading. "This is the reason why the different types of printer vulnerabilities found were often common across different brands. As far as we were able to identify, there weren't common components between the different brands."

Brother printers had the fewest vulnerabilities, with three issues found, including two overflows and an information disclosure vulnerability. HP printers had five issues, including multiple buffer overflows, cross-site scripting, and a bypass for countermeasures implemented to prevent cross-site request forgery.

Xerox and Lexmark printers had eight and nine vulnerabilities, respectively, including multiple buffer overflows, cross-site scripting, and information disclosure. Both Ricoh and Kyocera printers had a dozen vulnerabilities each. All four of the most vulnerable printer brands lacked countermeasures to prevent cross-site request forgery.

The researchers noted that they only had time to determine the definite exploitability of a few of the issues.

NCC Group criticized the shortfalls in the security measures implemented by printer manufacturers' software development teams.

"It's very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides, and regularly updating firmware," Lewis said.

Businesses should pay more attention to their printers as potential points of attacks and as devices that could allow an attacker to stay resident inside a network, the NCC Group researchers said.

Related Content

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jessicasargent
50%
50%
jessicasargent,
User Rank: Apprentice
10/14/2019 | 3:11:35 AM
Printing problem
Your blog was so important for printer users. I have been using the Canon printer but I did not know so much about printer issues.When I read your article explanation at that time I gathered much knowledge about the printer. But sometimes <a href="https://printerssupport.co/canon-printer-printing-blank-pages/">Canon Printer Printing Blank Pages</a>.I changed the ink and also updated the printer drivers but could not get a proper solution.
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1936
PUBLISHED: 2021-03-02
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
CVE-2021-27904
PUBLISHED: 2021-03-02
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the &quot;all org&quot; flag sometimes provided view access to unintended actors.
CVE-2021-27901
PUBLISHED: 2021-03-02
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
CVE-2021-21321
PUBLISHED: 2021-03-02
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is &...
CVE-2021-21322
PUBLISHED: 2021-03-02
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing...