August 20, 2019

Is Your Printer Cheating On You?

We talk a lot about hard-drive destruction as a way to safely and securely dispose of outmoded laptops and desktops. However, an area that’s been overlooked is the humble printer sitting in the corner. How can you avoid having a security leak in your office? A group of researchers from the NCC Group did a 6-month study on the top printer manufacturers.

The good news? Many of these have been patched. The bad news? If you haven’t updated your software, you could still be vulnerable. Here’s what they uncovered:

1) Buffer Overflows – A buffer overflow occurs when a computer application attempts to write information to a data structure past the point that the structure is designed to store. Some such vulnerabilities were found in Xerox printers and have since been patched. However, if you haven’t installed the latest patch, your printer could still be vulnerable to attack.

2) Easy Passwords – Lexmark, Ricoh, and Xerox printers lacked an account lockout, so they were vulnerable to an attacker who keeps trying passwords until they get lucky. Make sure your passwords are strong, and use a tool like LastPass to keep all your passwords straight. NEVER write your passwords on a sticky note on your desk or printer, where a hacker can easily see them.

3) DoS Vulnerability – The NCC Group researchers discovered that some of the printers contained a DoS vulnerability in their Simple Network Management Protocol (SNMP) service. If exploited, this vulnerability could potentially cause the machine to crash.

Here are the results from the NCC Group’s testing. Be sure to send these along to your cyber-security team to sew up any vulnerabilities in your network:

