User ‘Gross Negligence’ Leaves Hundreds of Lexmark Printers Open to Attack

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Researchers at NewSky Security have found hundreds of Lexmark printers misconfigured, open to the public internet and easily accessible to anyone interested in taking control of targeted devices.

Researchers identified 1,123 Lexmark printers traced back to businesses, universities and in some cases U.S. government offices. Adversaries with access to those printers can perform a number of different malicious activities ranging from adding a backdoor to capturing print jobs, taking a printer offline or printing junk content to physically disrupt a printer’s operation.
Vulnerable Lexmark printers identified by researchers, using a custom Shodan search technique, lacked an administrative password.

“We focus on printers which can be controlled by anyone without hacking skills because of gross negligence of the users,” said Ankit Anubhav, researcher with NewSky Security in an interview with Threatpost.

Attacks on printers are far from new and have ranged from cross-site printing attacks, RAW printing on port 9100 or exploiting known printer IP addresses for networked devices. For its investigation, NewSky Security focused on printers with no security.

“While many people have awareness to change router passwords, printer security is still neglected at large. On similar lines, we observed that more than a thousand Lexmark printers are up for grabs for attackers, because they simply have no password,” according to NewSky Security that published its findings Monday.
...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top