More than 1,000 Lexmark Printers Open to Attack Due to Misconfiguration
Researchers at NewSky Security have discovered that more than a thousand Lexmark printers have been misconfigured by users and are accessible over the Internet. Many of the printers are used by businesses, universities, and even the U.S. Government, yet they can be accessed via the Internet without the need for a password.
The lack of security means unauthorized individuals can connect to the printers, which in some cases are connected to sensitive networks. Attacking those printers requires no skill and is a quick and easy process. Any individual can remotely access and take full control of the device. It would be possible for anyone to set a password for the printer, add a backdoor and capture print jobs. NewSky Security says the lack of an administrator password is gross negligence by users.
The researchers identified the misconfigured Lexmark printers by performing a search on the search engine Shodan. Of the 1,475 unique IPs found, 1,123 printers had no security at all and only 24% redirected the researchers to a login page. The researchers explained, “an attacker can take control of these poorly configured devices without any impressive hacking skills.”
One of the unsecured printers was being used by the Lafayette Consolidated Government, while the majority belonged to universities. NewSky is currently reaching out to the affected organizations to alert them to the problem.
The researchers explained that they have focused on printer security because it is still largely neglected by end users.
This is not the first time the researchers have discovered printer misconfigurations. Similar misconfigurations were identified on Brother printers in October, where administrative panels were accessible over ports 80 and 443.
It is possible that many other brands of Internet-enabled printers are similarly exposed. Organizations that have purchased Internet-enabled printers should ensure that the devices are configured correctly, that they are isolated from the public Internet, that default passwords are changed, and that strong admin passwords are set on the devices. Open ports should be closed and unnecessary services stopped.
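One way an administrator could check their own printer inventory for the condition described above is sketched below. This is an added example, not code from NewSky Security or Lexmark; the function names and the login-gate heuristic (401/403, a redirect to a login URL, or a password field) are assumptions.

```python
import http.client
import ssl
ADMIN_PORTS = (80, 443)  # ports the article names for exposed admin panels

def classify(status, headers, body=""):
    """Classify one response from a printer's web interface.
    Heuristic (an assumption, not vendor documentation); see the branches."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status in (401, 403):
        return "auth-required"
    if status in (301, 302, 303, 307, 308):
        target = headers.get("location", "").lower()
        return "auth-required" if "login" in target else "redirect-check-manually"
    if 200 <= status < 300:
        gated = 'type="password"' in body.lower().replace("'", '"')
        return "auth-required" if gated else "open-no-login"
    return "unknown"

def probe(host, port, timeout=5):
    """Fetch '/' from one of your own printers and classify the answer."""
    try:
        if port == 443:
            ctx = ssl.create_default_context()
            ctx.check_hostname = False       # printers usually ship self-signed
            ctx.verify_mode = ssl.CERT_NONE  # certificates; only the gate is tested
            conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        conn.close()
        return classify(resp.status, dict(resp.getheaders()), body)
    except (OSError, http.client.HTTPException):
        return "closed-or-unreachable"

def audit(inventory, prober=probe):
    """Map each inventoried printer to its per-port result."""
    return {host: {port: prober(host, port) for port in ADMIN_PORTS} for host in inventory}

def needs_fixing(report):
    """Hosts whose admin panel answered without any login gate."""
    return sorted(h for h, ports in report.items() if "open-no-login" in ports.values())

if __name__ == "__main__":
    # Constructed responses for two documentation addresses; no network is used here.
    canned = {"192.0.2.10": (200, {}, "<h1>Settings</h1>"),
              "192.0.2.11": (302, {"Location": "/login.html"}, "")}
    report = audit(canned, prober=lambda h, p: classify(*canned[h]))
    print(report, needs_fixing(report))
```

Calling `audit()` with the default prober and a list of addresses from your asset register performs the live check; any host returned by `needs_fixing()` should get an admin password and be removed from Internet-facing exposure.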