back to article Multifunction printer p0wnage just getting worse, researcher finds

It is now easier than ever to hack corporate networks through multifunction printers, which can even offer up access to Active Directory accounts according to security consultant Deral Heiland. The moustachioed Rapid 7 tech veteran said his team now gains access to corporate active directory credentials through credentials …

  1. Destroy All Monsters Silver badge
    Paris Hilton

    High end Konica Minolta, Sharp, Dell, Canon and HP enterprise multi function printers spewed usernames, email addresses and passwords from address books, even after some vendors released fixes.

    Presumably the Brother printers just straight-up cough-and-died?

  2. Zog_but_not_the_first

    How did my Epson dot matrix printer fare?


    1. bazza Silver badge

      Very good indeed.

      As per title!

  3. jake Silver badge

    Apparently ...

    ... corporations continue to accept and use "as shipped" configurations/passwords in live, working environments ...

    The mid 1980s just called, they want their exploits back.

    1. Anonymous Coward
      Anonymous Coward

      Re: Apparently ...

      >The mid 1980s just called, they want their exploits back.

      I was using a Commodore 64 then and hadn't even heard of TCP/IP. I had an Epson DM printer with a weird Centronics to serial interface which occasionally worked. Not sure what Metasploit would have made of my setup.

      Perhaps you mean the 90's?

      1. jake Silver badge

        @gerdesj (was: Re: Apparently ...)

        No, I mean the mid 1980s. That's when international corporations started using what we now know as "TehIntraWebTubes" for transportation of data.

        Prior to that, simple exploits based on as-shipped configuration was the norm in Uni and other research situations, but there wasn't really anything important online, so it didn't really matter. Try to remember, this was the time-frame when TCP/IP went from an open research network, built to research networking, to the publicly available, unreliable, and completely unsecurable cluster-fuck that TheGreatUnwashed[tm] latched onto to swap porn, cat pics, really bad videos, worse music, and the dreadful minutia of sad lives.

        I fully expect the (not very)"social" media set to downvote this post in droves.

    2. Anonymous Coward
      Anonymous Coward

      Re: Apparently ...

      It's not only default settings, if you read the articles there are also serious flaws in the printer firmware implmentations. They have now OS-like functionalities but are not designed and implemented to be secure enough.

      Frankly I prefer a "dumb" printer controlled by a remote print server running a real OS that gets regular Patches and have a full implementation of needed protocols, than a printer with a local embedded print server developed to be minimal and rarely updated.

      I also wonder how many administrator routinely check and upgrade devices firmware.

      1. jake Silver badge

        Re: Apparently ...

        "It's not only default settings, if you read the articles there are also serious flaws in the printer firmware implmentations."

        Firmware is a default setting by definition, LDS.

        How about instead we discuss the idiots allowing this kind of kit on corporate networks who don't understand why statefull firewalls exist?

  4. Hans 1

    Print servers is the answer ... these firmwares crumble under heavy load, are very buggy, and, as noted here, insecure ...


    Printers stop working after x pages (somewhere between 10 000 & 100 000) and need to be reset ... I am sure many offices just throw them away and get new ones when all you need is google to find the kung fu that makes them happy again. B@$t@Ⓡds.

    That and print cartridges containing ml's of ink cost as much as barrels of ink.


    1. Anonymous Coward
      Anonymous Coward

      Print servers is the answer.....

      And how do you scan to email, fax to email, email to fax etc using a print server?

      1. Warm Braw
      2. jake Silver badge

        @ Lost all faith...

        How do you do business with your entire system compromised thanks to some MoronInCharge[tm] purchasing printers without actually understanding corporate network security?

        Management listening to marketing doth not secure systems make ...

        1. Fatman

          Re: @ Lost all faith...

          Management Manglement listening to marketing doth not secure systems make ...


  5. Tom 35

    Just a small sample

    Of the proposed internet of things to come.

  6. Anonymous Coward
    Anonymous Coward

    you still fax!?

    how quaint :)

  7. Mad Hacker

    Is that a fez?

    Was I the only person who thought the picture of Deral Heiland had him wearing a fez? Not sure what that is behind him.

  8. channel extended

    Thanks to "Ease of use."

    The reason many company's went with high end printers is that they were developed in an era where the collective mania was for 'connections everywhere' and windows was not the good at multitasking. Not that it is much better now. The idea was to off load the processing time from the local machine to a remote. The lack of good networking pratices and design meant that it had to be done by a print server. This was then built in to these machines as a way of offering an all-in-one solution.

    Then came feature creep. Networks became more pervasive and wide spread, and managers with no idea of security began insisting ease of use and 'connections everywhere'. So the printer people helped out by adding a lot of features. Marketing loved it! And since it cost money to build-license the c&c for these machines they went with lowest bidder. Who cut security pratices out, because once again SECURITY IS HARD.

    Once again, people get what they pay for - and pay for what they get.

  9. John Smith 19 Gold badge

    Pwnd by a printer in HR.

    Am I the only person here thinking "Good?"

    And while I'm on the subject printers remotely accessible from the internet?

    Are their leasors (because the big stuff is not usually owned by the company) using some kind of f**ked up remote user support deal?

    1. Medixstiff

      Re: Pwnd by a printer in HR.

      Actually in our case, we have to allow the printer access out to Canon's print management people, however as we are smart, we only allow outbound traffic from the device no inbound to it.

      I know from experience, that our current crop of Canon's we use, the ir 3245, C4080, 6055 and C7055, when I exported and imported the mailboxes to keep them all the same, the password was blanked out, so I had to add it for every individual address in each phone book.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like