Deb Radcliff in last week’s Computerworld writes about exploits to networked printers that can propagate Bad Stuff across your enterprise.
As networked printers become more network-capable, and as network attachments become cheaper and proliferate for homes and small businesses, this is becoming a bigger issue. And while this isn’t news to many security researchers, it may be to others and worth spending some time making sure you aren’t vulnerable.
Printers now run their own Web servers to keep track of their supplies and page counts, and even have hot links from these pages to directly order supplies. When I first started keeping track of these things in the early 1990s, it seemed like a good idea to have the built-in Web server, a way to easily manage your printer across the network.
Now I am not so sure, especially as the number of exploits for networked printers continues to mount, at least according to Symantec’s statistics. Clearly, this hasn’t gone unnoticed in the hacker community either.
A quick check of SecurityFocus.com with a search on say, Xerox, and you’ll find dozens of exploits that come up. Now to be fair, Xerox has issued patches for many of these and most of the ones shown are years old. But still.
If you have a networked printer, check to make sure your have upgraded its firmware to the current version. Most of the major printer manufacturers have ways to do mass upgrades of their fleet, such as using HP’s Web JetAdmin tool. And if you have ways to turn off services that you don’t need on the printer, do so now.