Adding yet another device on the list of things to defend against hackers: The humble printer.

In two conference scheduled for separate presentation Shmoocon hacking in Washington, DC, next week, the scientists showed how hackers use to compromise the company’s computer network printers. Presentation will show how bad printers can be secured together even to function as an online repository for cybercriminals.

In the past decade, many units were general office new functionality-day surprise, some printers to send and receive e-mails and even surfing the Internet. But Heiland says lead supervision, an independent security consultant to provide one of the presentations, producers did not provide security nearly the attention it deserves because of the new features. “The devices have gone from being a standard, simple printers came on the web to the point where they are fully integrated into the business environment,” said Heiland. “And the integration is what makes them hard to target premium.”

were inspired by Heiland, who works as a “penetration test” or a person trying to hack into a corporate network, under controlled conditions, to see printer errors and configuration issues.
Advertising

At Shmoocon Heiland will demonstrate a program called “Praeda” (Latin for plunder) that uses a collection of common vulnerabilities and configuration issues, as default passwords, to access the printers from outside the corporate network. Vulnerable printers can then be used to compromise the network. When the tool enters the network, it can steal passwords and files, providing even greater access to servers and other devices.

Heiland says simple questions often make printer configuration is vulnerable in this way. For example, many producers did not force users to enter a new password to access the device. This means that many printers default password can be easily found in manuals available online. Moreover. Printers can be accessed via web browser often run insecure web server software, a knowledgeable attacker to find usernames and passwords

“We discovered that many of the printers, the data are not disguised very well,” said Heiland. “Where it stores your username and password, we can enter the source and finding the range with the information in plaintext.”