Multifunction Printers: The Forgotten Security Risk

Networked MFPs can introduce significant risk to your business. Are you paying attention?

That networked multifunction printer sitting innocently in the corner of your office just might be the most significant entry point for hackers to hijack sensitive data from your business.
Even worse, security researchers warn, they are a forgotten risk in every enterprise, featuring hardware that combines several functions in a single unit: fax, copier, printer and scanner.
"A compromised [multifunction printer] is dangerous for a number of reasons. First and foremost, no one in the enterprise pays attention to them. That lack of visibility makes for a very attractive attack platform," said Brendan O'Connor, a researcher who was among the first to call attention to the printer security risk during a Black Hat talk in 2006.
"When I was doing my research, I had dozens and dozens of MFDs under my control, and no one in IT knew what I was doing. The idea of an attacker having equipment completely under their control on a company's internal network is a frightening proposition," O'Connor said in an interview with eWEEK.

The networked printers, scanners and copiers, he said, are no longer dumb machines sitting in a corner performing mundane tasks. In his mind, IT administrators should start paying serious attention to vulnerabilities and weaknesses in printers, and start preparing patch- and risk-management strategies.
O'Connor, who works in information security for a major financial services company, said printers should be treated the same as every other asset because, for businesses that depend on a paper trail, something as simple as a denial-of-service attack can be debilitating.
During his Black Hat presentation in 2006, O'Connor picked apart the security model of a Xerox WorkCentre MFP, showing how the device operated more like a low-end server or workstation than a copier or printer, complete with an AMD processor, 256MB of SDRAM and an 80GB hard drive and running Linux, Apache and PostgreSQL.
He showed how the authentication on the device's Web interface can be easily bypassed to launch commands to completely hijack a new Xerox WorkCentre machine.
"All the information that's being printed, scanned and faxed is susceptible to theft," O'Connor said. "Once under an attacker's control, it is simple to covertly save copies of other people's data on the machine's hard drive. With built-in network, fax/modem and network capabilities, there are a variety of ways to smuggle the stolen information out of an organization once it's been captured."

A Xerox spokesperson said that O'Connor had alerted the company to the vulnerability in January 2006, and that Xerox shipped a patch in February 2006, several months before the Black Hat event.