Friday, August 04, 2006

Security Flaws in Printer Software

I covered some reported security issues with HP's printer management software in my May Observations. Now Computerworld reports some similar-sounding concerns, this time around Xerox MFPs. The news comes from The Black Hat Conference, held this week in Las Vegas.

Brendan O'Connor, the "finder" of the problem (there might be a better descriptor of the type of people that "find" these problems), has some very interesting things to say about printers, MFPs, and copiers on our corporate LANs -- a familiar-sounding good news/bad news assessment that we in the industry have heard before.

"Think of all the sensitive data that's going through these," he said. "Everybody prints, and there's an inherent trust in these types of devices."

O'Connor said he was not trying to "pick on Xerox," but rather using his hack as a case study to draw attention to the security threat posed by increasingly powerful embedded devices.

"I don't think they're getting the level of scrutiny that they require," said O'Connor, who identified himself only as a security engineer who works at a U.S. financial services company.

"This is a Linux server wrapped in a copier box. These things are all over the enterprise," he said

No comments: