New printer security flaws affect most major brands

It’s not just mobile devices, servers and PCs that IT needs to worry about when it comes to security. Office printers can create their own headaches – and new printer security vulnerabilities could put businesses at risk, says one researcher. 

ViaForensics’ Sebastián Guerrero has discovered vulnerabilities in a common printer component that could leave many companies open to an attack.

The four flaws, detailed Guerrero in a blog post, exist in the technology many printers use to communicate with other devices on the network. The technology, known as JetDirect, was developed by HP but is used by most major printer brands.

The bugs could be exploited by hackers to cause printers to crash by launching a denial of service attak, or even to access sensitive documents by reading printer memory or diverting print jobs to other machines.

This is certainly isn’t the first example of a known printer security vulnerability, and it probably won’t be the last, as printers remain an often-overlooked back door onto organizations’ networks. Guerrero has notified HP of the JetDirect vulnerabilities, but he can’t say how the manufacturer has respondent and when or if a fix will be coming.

Printer security keys

In the meantime IT can follow some printer security best practices to protect data from these and other vulnerabilities affecting printers, copiers and scanners:

  • Make sure all devices have the latest firmware installed
  • Close unnecessary ports and make sure printers can’t be accessed from the Internet
  • Change default passwords and consider requiring user authentication in departments that deal with a lot of sensitive data
  • Encrypt jobs as they’re sent and use printers that encrpt stored data
  • Make printer security an essential consideration when machines are chosen in the future, and
  • Take care to erase all data from printers, copiers, scanners and multifunctional devices before they’re resold or returned to a leasing agent.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy