Intrusion into Xerox printer possible
If a printer refuses to print, it is usually because it is out of paper or there is a network error. Sometimes, however, the interruption occurs because the printer is the target of an attack over the LAN, particularly if an attacker is attempting to infiltrate the printer. Printer-maker Xerox has released an advisory pointing to this possibility. The multi-function devices for printing, copying, scanning and faxing in the WorkCentre and WorkCentre Pro series contain a security hole in the integrated web server through which malicious code can be planted and executed.
Attackers could potentially spy on the contents of documents and impede printing operations – or secretly install software packages that convert the printer into a server for MP3 files or similar functions. The flaw affects the WorkCentre models 232, 238, 245, 255, 265 and 275 and WorkCentre Pro models 232, 238, 245, 255, 265 and 275. Xerox has provided updates to close the hole.
The problem has been known to Xerox for some time now. Back at the Black Hat Conference in early August, security specialist Brendan O'Connor gave a presentation on how to bring a Xerox device under external control. A patch released in February of this year was claimed to have eliminated the problem, but it did not plug the hole completely. The newly released patch finishes the job.
- Xerox Security Bulletin, advisory from the manufacturer.