NCC Group researchers have uncovered significant vulnerabilities in six commonly used enterprise printers, highlighting the vast attack surface that can be presented by internet-connected printers.
The research
Daniel Romero, managing security consultant and research lead, and Mario Rivas, security consultant at NCC Group, tested multiple aspects of six mid-range enterprise printers, including web application and web services and firmware and update capability, as well as carrying out hardware analysis.
Testing of the printers, manufactured by HP, Ricoh, Xerox, Lexmark, Kyocera and Brother, uncovered a wide range of vulnerability types using basic tools, some of which date back thirty or forty years. Some vulnerabilities were also uncovered within minutes of starting the research.
