Patch your internet-connected printer! Serious vulnerabilities discovered

I’ll bet most printers never get an update throughout their entire lifetime, and many are left with default login credentials. Time to change that…:

[…] Printers, just like any other IoT-enabled device, need to be secured, and updated with the latest firmware and patches to prevent a successful hacker attack.

That’s the message which comes through loud and clear following the announcement by security researchers at NCC Group that they had uncovered multiple security holes in printers manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera, and Brother.

The wide range of vulnerabilities could be exploited by malicious attackers to cause printers to crash, or – potentially more seriously – open backdoors to corporate networks, spy on print jobs, or even send sensitive printouts to unauthorised parties.

Specifically, NCC Group tested the HP Color LaserJet Pro MFP M281fdw, Ricoh SP C250DN, Xerox Phaser 3320, Brother HL-L8360CDW, Lexmark CX310DN, and the Kyocera Ecosys M5526cdw. But it’s possible similar vulnerabilities existed – or may even still exist – in other models.


Original article here