A team of researchers claim to have discovered numerous security vulnerabilities in at least 20 network printer models by major name brands. According to the findings, one of the potential exploits could allow hackers to easily steal information that was only intended to be printed as a hard copy.
Jens Müller, along with two other researchers at the Ruhr University Bochum, wrote about their findings yesterday in a blog post. They also released a Wiki page and an open-source toolkit, which can be used to either take advantage of the security flaws or test if a printer is vulnerable.
As first pointed out by ZDNet, the team worked on the project for about a year and are just letting the public know about their findings. Dell, HP, Lexmark, Brother, Samsung and other companies all have models that are affected by the bug. Here's a chart of the devices Müller's team has identified:
Chart: Web in Security
As you can see from the chart, the researchers claim that a given printer could be locked up by a DDoS attack or be reset to its factory defaults. More troubling, however, is the ability to capture potentially sensitive documents as they're being sent as a print job. In a worst case scenario, the researchers say a hacker could use the printer as an entry point to pull an organisation's network credentials and gain higher levels of access.
Müller told ZDNet that he needed a subject for his master's thesis and noticed that there are very few scientific papers on printer security. He also said the bugs they are calling attention to aren't new -- they're mostly just overlooked.
Gizmodo contacted cybersecurity expert Kenneth White, co-director of the Open Crypto Audit Project, who verified that the findings appeared to be "very legitimate work". Though he has not personally reviewed the toolkit, he told us that the "authors are well known and respected in the community".
Financial limitations prevented the team from testing more printers. While HP has the most models on the chart with its LaserJet 1200 and 4200n sitting at the top, it might just be a case of that manufacturer's models being the easiest to acquire for testing. That's where the toolkit comes in. As more people experiment with it, hopefully a larger list of known problems will come out. It also means, however, that anyone with determination can easily take advantage of the bugs. That's not ideal, but as White noted, "By packaging it in this fashion, the researchers are punctuating the fact that most printer vendors have a poor track record in keeping their devices updated."
The team says they contacted all of the affected vendors back in October and Dell was the only one to reply. According to Müller, manufacturers wouldn't be held liable for a breach because the "standard is flawed".
Gizmodo reached out to the manufacturers that were identified but had not received responses from most at time of writing. Both Lexmark and HP have informed us they are looking into it.