The pressetext news agency has reported on a warning against security caps caused in IT networks by multi-purpose network printers and copying machines. This is the conclusion drawn by security experts at last week´s Black-Hat-conferences in Las Vegas. In a public presentation, Mr. Brendan O´Connor, who is an IT security expert, demonstrated that such devices can easily be taken control of by potential attackers. “It is important to stop considering these devices as printers. It is rather necessary to equip them with security devices as is the case with servers or workstations” warned Mr. O´Connor at the conference.
By taking control over a multi-purpose device manufactured by Xerox, Mr. O`Connor was able to obtain access to any piece of information being printed out, copied or faxed from the device in question. Other kinds of attacks such as modifications of the printed or faxed documents are possible too. Furthermore the expert pointed out that such security gaps can also be found with products by other manufacturers. Most of the time the security risks involved are due to the so-called Boot-technology which is applied in the installation of the corresponding device software. Other potential weaknesses, according to the expert, are the web interface and network-based management protocols of the devices in question.