Printers on Default Settings Still Open Backdoors
Analysis of more than seven million wireless and wired devices by Pwnie Labs has found that wireless-enabled printers remain deployed in a potentially vulnerable default configuration.
The research found that 56% of wireless devices are HP printers, which can be used as a backdoor into private corporate networks. Wireless access points also remain vulnerable, with 35% of these showing weak or no encryption.
The analysis also found that Coolpad devices have overtaken Samsung as maker of devices accounting for the most prevalent vulnerable mobile hotspots, while HP Print has overtaken Xfinitywifi as the most common default open wireless network.
Paul Paget, CEO of Pwnie Express, said:
“As the IoT universe continues to grow, the corresponding attack surface for malicious actors is growing, giving them an easy and unsecured way into your organization’s most sensitive information – and this has understandably put information security professionals on edge.”
In an email to Infosecurity, Alex Farrant, senior vulnerability researcher at Context Information Security, said:
“Wireless connectivity has been standard on devices of all shapes and sizes for a long time, but due to the simple fact that it’s invisible then it is also invisible on many organizations’ network diagrams which fools people into thinking they have a secure perimeter.
“Even if an organization takes proactive steps to disable wireless interfaces, we’ve seen these changes reverted automatically after firmware updates or the press of a local reset button. This is why continuous monitoring (or even better) careful procurement is necessary.”
Terry Ip, security consultant at MWR InfoSecurity, told Infosecurity that without thinking about security from the outset, it can be difficult to rectify any shortcomings in the initial setup without causing disruption to business operations.
“As a result, many organizations unwittingly choose to leave their devices in a vulnerable state to maintain functionality,” he said.
“Printers designed for a corporate environment will not only come with an administrative dashboard and additional functions (such as email alerting), but also have SNMP enabled by default with the public community string. Attempts to rectify this by disabling SNMP or configuring a more secure community string typically results in Windows users seeing the printer appear offline."
“So it is not uncommon on internal penetration tests to see numerous printers with default passwords still configured. Other print features can cause problems too, such as access to file shares using a domain account for retrieving print jobs or storing scanned documents on the network. Insecure configuration of a printer with this ability or weak permissions on the share could provide a foothold for attackers on your network.”
A survey of more than 400 global IT security professionals found that 86% were concerned with connected device threats, while 55% had witnessed an attack via wireless devices, and 38% had witnessed an attack via mobile devices.
Source: Information Security Magazine