Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Printer Security

Printers Vulnerable To Security Threats 173

Posted by kdawson from the infected-my-what? dept.
jcatcw writes "Networked printers are more vulnerable to attack than many organizations realize. Symantec has logged vulnerabilities in five brands of network printers. Printers outside firewalls, for ease of remote printing, may also be open to easy remote code execution. They can be possible launching pads for attacks on the rest of the network. Disabling services that aren't needed and keeping up with patches are first steps to securing them." From the article: "Security experts say that printers are loaded with more complex applications than ever, running every vulnerable service imaginable, with little or no risk management or oversight.... [N]etworked printers need to be treated like servers or workstations for security purposes — not like dumb peripherals."
This discussion has been archived. No new comments can be posted.

Printers Vulnerable To Security Threats More

Printers Vulnerable To Security Threats

Comments Filter:

  • Try it out (Score:5, Interesting)

    by delirium of disorder ( 701392 ) on Thursday January 18, 2007 @12:22PM (#17664730) Homepage Journal
    Over the past several years, if you did a random port scan of the Internet (nmap -iR) the majority of open telnet (tcp port 23) servers were print servers that let you telnet in and change all sorts of settings.

  • Happened before (Score:2, Interesting)

    by CapitalT ( 987101 ) on Thursday January 18, 2007 @12:26PM (#17664786) Homepage
    Anyone remember the story about the guy who wrote a "visual basic" virus to send the O RLY owl to all printers in the company?

    Maybe we'll see a lot of these coming, it'll be fun *hee hee hee* {devilish laugh}. I don't have a printer }:-]

  • Re:What are they going to do... (Score:3, Interesting)

    by Calinous ( 985536 ) on Thursday January 18, 2007 @12:27PM (#17664802)
    Taking a snapshot of everything that is printed, and mail it to an interesting party?
    Altering what is printed? Change amounts on printed spreadsheets, change destination for item transfers, and other "creative uses"

  • Re:Identifying viruses (Score:2, Interesting)

    by chunews ( 924590 ) on Thursday January 18, 2007 @12:29PM (#17664846)
    In my experience, that virus - printing page after page of funny characters - is a human one, from someone trying to print a PCL formatted file to a PostScript printer or vice versa.

  • Campus Printers (Score:4, Interesting)

    by cpearson ( 809811 ) on Thursday January 18, 2007 @12:30PM (#17664868) Homepage
    On many if not most college campuses the printers are administered and accounted for my a system tied to a student id. Each student can get so many free prints per semester and can pay per print after exceeding that. Malicious code executing on a print server could sniff all the student accounts accessing the printer.

    http://www.vistahelpforum.com/ [vistahelpforum.com]

  • This is what happened to Iraq. (Score:3, Interesting)

    by darkmeridian ( 119044 ) <william.chuangNO@SPAMgmail.com> on Thursday January 18, 2007 @12:30PM (#17664884) Homepage
    Laugh if you want, but this was what happened to Iraq on the eve of the Gulf War. A modified printer was put onto their defense computer network by an Allied operative. Right when the air war started, the bug fired up and brought down the network. Just because a threat sounds outlandish does not mean it isn't a real threat.

    (The story was recounted in The Generals' War.)

  • How FUDtastic!!! (Score:2, Interesting)

    by Anonymous Coward on Thursday January 18, 2007 @12:35PM (#17664980)
    Symantec is really grasping at straws here. In the age of internet security, why anyone would put a printer outside the firewall is too far beyond me to comprehend. Any firewall admin should be able to put rules in place for remote printing. And for that matter, why does any one need to remotely print? Anybody heard of email? Ol' deskjet at home too slow? Users in the office too lazy? Too many pebcak errors? Remote printing may be the most worthless of the worthless network setups. Also, why are people not using external secure computing devices. This stuff is not that expensive for the return it gives.
    Symantec is quaking in its boots and instead of shouting fire in a theater they should be looking at what they have and capitalizing on it. Why else would they buy Veritas? I'm sure it wasn't because it they wanted to add AV to it.

  • Toner and Ink Cartridge companies look to exploit. (Score:2, Interesting)

    by Radon360 ( 951529 ) on Thursday January 18, 2007 @12:37PM (#17664998)

    Imagine those companies that sell expensive toner and ink cartridges pairing up with someone to write some malicious code to burn through your printing supplies faster.

    It won't be long before you hear about something like the "Page_Blackout" or "Toner_Drain" worm.

  • Re:Unless... (Score:5, Interesting)

    by Jeremiah Cornelius ( 137 ) * on Thursday January 18, 2007 @12:38PM (#17665014) Homepage Journal
    We used these REGULARLY to exploit banks, in our testing.

    The high-end HPs had both harddisk, and a JVM with listening socket on port 80. WHeee!

  • Re:This is news? (Score:2, Interesting)

    by Anonymous Coward on Thursday January 18, 2007 @12:43PM (#17665086)
    It seems like an innocent trick, but I once cost a company thousands. They had one printer that was cleared by the NSA for printing classified documents -- it didn't store the things it printed in RAM, or it had some approved method of obfuscating its RAM, or some shit.

    I started dicking around with the PCL "ready" message, and they realized that it COULD store data -- in the "ready" message.

    New printer, ahoy!

  • Re:Try it out (Score:4, Interesting)

    by advocate_one ( 662832 ) on Thursday January 18, 2007 @12:49PM (#17665152)
    More likely a stripped down Linux... I assisted a service agent a couple of years ago and the fancy photocopier, scanner, faxer, emailer (it could scan and send the scans as emails... very useful) beast showed a Linux boot up sequence while booting into safe mode (he knew the secret jumper to set for this mode)... Also, my HP PSC1350 is running Linux, I know this because when I was installing Debian on my computer a few months ago, I had the printer connected and powered up and the Debian installer wanted to know if I wanted to install debian onto the ext2 partition it had found on the printer (connected via USB). I was rather surprised and thankfully I hadn't blindly accepted it.

  • Re:Try it out (Score:3, Interesting)

    by Mister Whirly ( 964219 ) on Thursday January 18, 2007 @01:23PM (#17665784) Homepage
    If I find an open printer with out an admin password set, I generally will go in and keep changing the language to Portuguese or German on the control panel. It is mostly harmless, and points out the fact that someone can go in and easily change their settings. Some control panels even let you display a custom message. On those I have it read "CHANGE YOUR ADMIN PASSWORD NOW!" or "I AM NOT SECURE!"

  • Hacking Embedded Network Systems (Score:4, Interesting)

    by nuckfuts ( 690967 ) on Thursday January 18, 2007 @01:41PM (#17666148)

    FX of Phenoelit gave an amazing talk on this at CanSecWest/core03 back in 2003 that outlined how to turn a JetDirect printer into a webserver, fileserver or even a port scanner! We all had a huge chuckle at the thought of someone tracking down a port scanner on the network only to find it was coming from an HP printer.

    The entire presentation is still available online in both PDF [cansecwest.com] and PPT [cansecwest.com] format.

    The tools used to hack the printers are available here [phenoelit.de].

  • Re:Unless... (Score:5, Interesting)

    by FooAtWFU ( 699187 ) on Thursday January 18, 2007 @02:09PM (#17666680) Homepage
    My school, before the Great Firewalling of its network a few years ago, had its printers open to the whole Internet. Apparently someone hacked into one and used it as an FTP server for warez and porn. And it still worked as a printer. :)

    Of course, this also means that I can't stick up a website for the world from my laptop anymore, either. =/ Ah well.

Slashdot Top Deals

An authority is a person who can tell you more about something than you really care to know.

Close