MalwareTips Team
Jul 22, 2014
Researchers at NewSky Security have found hundreds of Lexmark printers misconfigured, open to the public internet and easily accessible to anyone interested in taking control of targeted devices.

Researchers identified 1,123 Lexmark printers traced back to businesses, universities and in some cases U.S. government offices. Adversaries with access to those printers can perform a number of different malicious activities ranging from adding a backdoor to capturing print jobs, taking a printer offline or printing junk content to physically disrupt a printer’s operation.
Vulnerable Lexmark printers identified by researchers, using a custom Shodan search technique, lacked an administrative password.

“We focus on printers which can be controlled by anyone without hacking skills because of gross negligence of the users,” said Ankit Anubhav, researcher with NewSky Security in an interview with Threatpost.

Attacks on printers are far from new and have ranged from cross-site printing attacks, RAW printing on port 9100 or exploiting known printer IP addresses for networked devices. For its investigation, NewSky Security focused on printers with no security.

“While many people have awareness to change router passwords, printer security is still neglected at large. On similar lines, we observed that more than a thousand Lexmark printers are up for grabs for attackers, because they simply have no password,” according to NewSky Security that published its findings Monday.