Office workers, beware: the Internet-ready multifunction printer (MFP) may turn out to be the weakest link in your network’s security.
Security researcher Deral Heiland demonstrated various ways to compromise Internet-ready consumer-grade multifunction printers, according to an article posted on PC World.
In a talk at this summer’s DefCon 19 conference, he said vulnerable devices include printers that can scan to a file, scan to email, and fax documents.
Even changing the MFP’s default passwords “will only slow down a very persistent criminal," the PC World article added.
But Heiland also announced the release of a new penetration testing tool called PRAEDA, which he said is Latin for “to plunder, spoils of war, booty."
“The tool, in the right hands, can help IT administrators discover multifunction printer vulnerabilities on their network, with modules for each of the vendors cited above. The release of the tool will also undoubtedly put pressure on the printer manufacturers to patch or fix these multifunction printer problems entirely," PC World said.
At DefCon 19, Heiland demonstrated that changing the default Toshiba printer password from 123456 to something unique will not deter a criminal, who can simply add an extra backslash to the URL to gain administrator access to the device.
For the HP OfficeJet printer, copying the URL from the printer login page and then adding “page=” to the end when you paste it back in “will bypass any new passwords that have been added to those printers.”
In other cases, basic coding flaws can also expose sensitive information such as passwords, as in the case of the HP Officejet multifunction page.
“Heiland said he was able to right-click the page in Firefox in order to see the plaintext of the password normally hidden by black dots. The same, he said, was true on the Toshiba models he’d tested," PC World said.
Also, Heiland noted attackers can access internal address books that some office printers use to route faxes and scanned documents to the individual workstations.
“If you click to the Home page tab, Heiland said your computer will receive a cookie that allows you to retrieve the plaintext address book from the printer," PC World said.
Heiland said that while Canon fixed this vulnerability on most of its Image Runner line, he found two models that still allowed for this particular hack to work.
Another attack uses the printer's backup feature: in the case of Lexmark and Xerox printers, Heiland said, the backups exported the account passwords in plain text.
Still another attack redirected the test pages that most printers print out by intercepting the Lightweight Directory Access Protocol (LDAP) in a sort of man-in-the-middle attack. — TJD, GMA News