Old Printer Vulnerabilities Die Hard
Printers, security researchers say, are the Achilles Heel for network management. They sit on the network like a PC and need regular updating like any other network endpoint – but often don’t.
“Too often nobody cares enough about printers. They are considered a trusted and reliable piece of equipment that print out documents. But at the end of the day, it’s an endpoint – just like a PC. They are Wi-Fi enabled with an IP address and a network interface card,” said Paolo Emiliani, industry and SCADA research analyst at Positive Technologies.
In many ways, he said, the printer is the original IoT device; and with it have come similar security issues.
The challenge is two-fold, he explained. Too often aging corporate printers aren’t receiving security patches needed. In addition newer cloud-friendly printers, such as those with remote management functions, are growing the attack surface of the latest generation of printers.
“In 2005 we began seeing printers becoming truly network attached devices and not just direct attached or USB attached device connected to a PC or server,” said Eric McCann, software product marketing manager at Lexmark International. “Almost overnight, printers became multifunction and had access to everything on the network.”
Matt Field, software development manager at Lexmark, said the introduction of a multifunction printer opened the door and grew demand for things such as document digitization. That prompted workers to send jobs to a shared server or to email digital copies.
Today, that network-aware printer is now internet-aware and creating new opportunities for cloud services and for advanced features such as remote management by third-party service providers.
“This has brought an entirely new set of security risks to the equation,” said Field. “Printers went from direct attached, network attached and now entire fleets of printers can be managed via the cloud through a single portal.”
Photo by Patrick Lindenberg
Read the full article here: https://threatpost.com/old-printer-vulnerabilities-die-hard/139318/