Technology
Turns out your office printer is a huge cybersecurity risk
Consider the office printer.
Massive, hulking things — the devices looming in the corner of workplaces around the world have come to represent untold hours of frustration in the form of printer jams and toner problems. According to security researchers set to present their findings this Saturday at the DEF CON hacking convention in Las Vegas, they also happen to be a cybersecurity nightmare.
Daniel Romero Pérez and Mario Rivas Vivar, researchers at NCC Group, announced the discovery of major vulnerabilities on Thursday in name-brand printers made by the likes of Xerox, HP, Lexmark, Kyocera, Brother, and Ricoh. NCC Group shared some of the researchers’ findings with Mashable ahead of the aforementioned Aug. 10 talk, and they’re enough to elicit serious double take.
“These flaws could be used by criminals as to gain long-term backdoor access into companies for possibly years on end, allowing them to come and go as they please, undetected, stealing sensitive data,” a spokesperson explained to Mashable over email. “What’s more, criminals can spy on every print job and even send documents being printed to themselves or other unauthorized third parties.”
Which — considering the type of data important enough to require a backup hard copy —doesn’t sound good.
Interestingly, this announcement follows news that a Russian hacking team exploited unchanged default passwords in office printers this April in an attempt to gain access to sensitive corporate info.
Thankfully, Pérez and Vivar were able to get in touch with the six manufacturers in question and “most of the issues” they discovered have been patched — albeit in the case of an unnamed few companies, it took months of effort to reach them.
Unnervingly, the two researchers found “high risk issues” in all six of the printers they tested.
“We stopped searching after a few vulnerabilities,” notes a slide from their forthcoming presentation. “There are probably more.”
It seems that, even in an online world, relics from the time when paper reigned supreme can still bite you in the ass. You’ve been warned.
What Robert Durst did: Everything to know ahead of ‘The Jinx: Part 2’
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal
Langdock raises $3M with General Catalyst to help businesses avoid vendor lock-in with LLMs
“Hanky Panky” review: A deeply delirious stoner comedy
Internet users are getting younger; now the UK is weighing up if AI can help protect them
Taylor Swift’s ‘The Tortured Poets Department’ rollout reveals her inability to trust the listener
Dating culture has become selfish. How do we fix it?
Screen Skinz raises $1.5 million seed to create custom screen protectors
Consumer Financial Protection Bureau fines BloomTech for false claims
‘Big is moving to Paris’: Carrie Bradshaw discourse reignites as ‘Sex and the City’ hits Netflix
Apple sued, Microsoft’s AI ambitions and Nvidia’s surprises
Lordstown Motors’ ousted CEO settles with SEC for misleading investors
TechCrunch Mobility: The wheels are starting to come off the Fisker EV bus
DOJ’s Apple antitrust case neatly aligns with EU on one key point: NFC and mobile payments
Amazon Big Spring Sale 2024: Shop 350+ deals on Apple, robot vacuums, security cameras, more
What is the three-body problem in ‘3 Body Problem’?
API startup Noname Security nears $500M deal to sell itself to Akamai
US think tank Heritage Foundation hit by cyberattack
Maju Kuruvilla is out as CEO of one-click checkout company Bolt
NASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
What Robert Durst did: Everything to know ahead of ‘The Jinx: Part 2’
CesiumAstro claims former exec spilled trade secrets to upstart competitor AnySignal
Langdock raises $3M with General Catalyst to help businesses avoid vendor lock-in with LLMs
“Hanky Panky” review: A deeply delirious stoner comedy
Internet users are getting younger; now the UK is weighing up if AI can help protect them
Taylor Swift’s ‘The Tortured Poets Department’ rollout reveals her inability to trust the listener
Dating culture has become selfish. How do we fix it?
Screen Skinz raises $1.5 million seed to create custom screen protectors
Consumer Financial Protection Bureau fines BloomTech for false claims
‘Big is moving to Paris’: Carrie Bradshaw discourse reignites as ‘Sex and the City’ hits Netflix
-
Entertainment7 days agoNASA discovered bacteria that wouldn’t die. Now it’s boosting sunscreen.
-
Business6 days agoTesla drops prices, Meta confirms Llama 3 release, and Apple allows emulators in the App Store
-
Business5 days agoTechCrunch Mobility: Cruise robotaxis return and Ford’s BlueCruise comes under scrutiny
-
Entertainment6 days ago‘The Sympathizer’ review: Park Chan-wook’s Vietnam War spy thriller is TV magic
-
Business4 days agoTesla layoffs hit high performers, some departments slashed, sources say
-
Business5 days agoMeta to close Threads in Turkey to comply with injunction prohibiting data-sharing with Instagram
-
Entertainment4 days agoChatGPT vs. Gemini: Which AI chatbot won our 5-round match?
-
Business3 days agoFormer top SpaceX exec Tom Ochinero sets up new VC firm, filings reveal
