Security threats from ... Xerox printers

Yesterday (August 4), a serious security flaw in Xerox's WorkCenter multi-function printer may be used to make the attack tool revealed at Black Hat.

By taking advantage of a configuration error in the web interface of the aforementioned printer, Brendan O'Connor, a security researcher, can run unauthorized software on the device, monitor and capture packets in The network and collected sensitive information was printed through the WorkCenter printer.

O'Connor has published details of how to attack by taking advantage of security flaws in the WorkCenter printer at this year's Black Hat Conference.

Picture 1 of Security threats from ... Xerox printers

Xerox WorkCenter printer

Meanwhile, Xerox product developers are urgently developing a security update to fix the problem.

Potential hazards for businesses

" Think about sensitive data printed through the WorkCenter printer ," said O'Connor. " Users only know how to print and trust devices like this. Users don't know about the potential threats in there ."

O'Connor claims he wants to use the "Xerox case" to warn people about potential security threats in embedded devices with many powerful features that are increasingly widely used, especially in business environment.

" I think this issue has not received adequate attention ," said O'Connor, a security expert with a small US financial company.

Which product makes a mistake?

Last February, Xerox released a security patch for the WorkCenter product line and the WorkCenter Pro 200 Series was sold between October 2005 and June 2006, Armon Rahgozar - Chief Technology Officer. and Xerox partner office solution - said.

However, that patch has not completely overcome the security errors, O'Connor said. "The place where my company is working is still vulnerable to these vulnerabilities."

Rahgozar said Xerox is urgently looking for solutions to overcome the above security breach. Customers can download the patch via Xerox's website or wait for its engineers to install and fix any problems in the upcoming customer service.

Besides, Xerox is also developing an automatic update system similar to Microsoft's Windows system for its products, Rahgozar said. " We want to follow the model that Microsoft has lost quite a bit to learn ."

Hoang Dung