Significant Vulnerabilities Found in 6 Common Printer Brands

  /     /     /  
Publicated : 23/11/2024   Category : security


Significant Vulnerabilities Found in 6 Common Printer Brands


In a half-year project, two researchers tested six of the top enterprise printer brands and found vulnerabilities in every device, some of which allow remote execution.



A pair of researchers conducting a six-month survey of popular business printers discovered 49 vulnerabilities in the drivers and software running on the devices. Some of the issues could be remotely exploited to run code on the corporate technology, security firm NCC Group said on August 8.
The research, conducted by NCC researchers Mario Rivas and Daniel Romero, uncovered issues as mild as denial-of-service vulnerabilities and as serious as buffer overflows that could lead to remote code execution. The researchers notified the makers of the affected printers — from Brother, HP, Kyocera, Lexmark, Ricoh and Xerox — of the issues in February, and every manufacturer has patched the issues, NCC stated.
The researchers will walk hackers through their research — including threat modeling and how attackers could use printers to maintain persistence in a corporate network — at the DEF CON hacking conference in Las Vegas this weekend.
Because printers have been around for so long, theyre not seen as enterprise IoT devices — but theyre embedded in corporate networks and therefore pose a significant risk, Matt Lewis, research director at NCC Group, said in a statement. Building security into the development life cycle would mitigate most if not all of these vulnerabilities.
Printers have long been a target of vulnerability researchers and hackers. At the Black Hat Security Briefings in 2002, two security researchers demonstrated that HP printers
could be remotely exploited
using security weaknesses in a variety of access methods. In 2017, a graduate thesis presented a survey of the security flaws in printers and multifunction devices,
identifying more than 125 printer vulnerabilities in the National Vulnerability Database
dating back nearly 20 years.
Increasingly, printers are grouped into the broader class of Internet of Things (IoT) devices that can expose companies to attack.
Printers are commonly overlooked as devices that just print and not as the network devices they are, which implement a lot of capabilities and store really sensitive information — not only documents, but also domain credentials and other secrets, Romero and Rivas said in an e-mail interview. For this reason, we think that they are very interesting targets for attackers using them as the front door to compromise an organization.
Using some custom automated tools, the NCC Group research uncovered 49 vulnerabilities, as identified by their Common Vulnerability Enumeration (CVE) numbers. The researchers made extensive use of protocol fuzzing and plan to discuss one of their fuzzers at their DEF CON talk.
We focused our research on [certain] attack surfaces, such as specific printer protocols, services, or implementations, the researchers told
Dark Reading
. This is the reason why the different types of printer vulnerabilities found were often common across different brands. As far as we were able to identify, there werent common components between the different brands.
Brother printers had the fewest vulnerabilities, with three issues found, including two overflows and an information disclosure vulnerability. HP printers had five issues, including multiple buffer overflows, cross-site scripting, and a bypass for countermeasures implemented to prevent cross-site request forgery.
Xerox and Lexmark printers had eight and nine vulnerabilities, respectively, including multiple buffer overflows, cross-site scripting, and information disclosure. Both Ricoh and Kyocera printers had a dozen vulnerabilities each. All four of the most vulnerable printer brands lacked countermeasures to prevent cross-site request forgery.
The researchers noted that they only had time to determine the definite exploitability of a few of the issues.
NCC Group criticized the shortfalls in the security measures implemented by printer manufacturers software development teams.
Its very important that manufacturers continue to invest in security for all devices, just as corporate IT teams should guard against IoT-related vulnerabilities with even small change: changing default settings, enforcing secure configuration guides, and regularly updating firmware, Lewis said.
Businesses should pay more attention to their printers as potential points of attacks and as devices that could allow an attacker to stay resident inside a network, the NCC Group researchers said.
Related Content
Printers: The Weak Link in Enterprise Security
How Hackers Hit Printers
HP Launches Printer Bug Bounty Program
DDoS Flaw Found in Brother Printer
Why Printers Still Pose a Security Threat

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Significant Vulnerabilities Found in 6 Common Printer Brands