Multifunction printers may threaten network security
Office workers, beware: the Internet-ready multifunction printer (MFP) may turn out to be the weakest link in your networkâs security. Security researcher Deral Heiland demonstrated various ways to compromise Internet-ready consumer-grade multifunction printers, according to an article posted on PC World. In a talk at this summerâs DefCon 19 conference, he said vulnerable devices included include printers that can scan to a file, scan to email, and fax documents. Even changing the MFPâs default passwords âwill only slow down a very persistent criminal," the PC World article added. But Heiland also announced the release of a new penetration testing tool called PRAEDA, which he said is Latin for âto plunder, spoils of war, booty." âThe tool, in the right hands, can help IT administrators discover multifunction printer vulnerabilities on their network, with modules for each of the vendors cited above. The release of the tool will also undoubtedly put pressure on the printer manufacturers to patch or fix these multifunction printer problems entirely," PC World said. At DefCon 19, Heiland demonstrated changing the default Toshiba printer password from 123456 to something unique will not deter a criminal, who can simply add an extra backslash to the URL to gain administrator access to the device. For the HP OfficeJet printer, copying the URL from the printer login page and then add âpage=â to the end when you paste it back in âwill bypass any new passwords that have been added to those printers." In other cases, basic coding flaws can also expose sensitive information such as passwords, as in the case of the HP Officejet multifunction page. âHeiland said he was able to right-click the page in Firefox in order to see the plaintext of the password normally hidden by black dots. The same, he said, was true on the Toshiba models heâd tested," PC World said. Also, Heiland noted attackers can access internal address books that some office printers use to route faxes and scanned documents to the individual workstations. âIf you click to the Home page tab, Heiland said your computer will receive a cookie that allows you to retrieve the plaintext address book from the printer," PC World said. Heiland said that while Canon fixed this vulnerability on most of its Image Runner line, he found two models that still allowed for this particular hack to work. Another attack uses the backup feature on the printer, where in the case of Lexmark and Xerox printers, Heiland said the backups exported the account passwords in plain text. Still another attack redirected the test pages that most printers print out by intercepting the Lightweight Directory Access Protocol (LDAP) in a sort of man-in-the-middle attack. â TJD, GMA News