Printer Vulnerabilites Almost as Bad as IoT

Recently ZDNet and Gizmodo published articles outlining a critical flaw in a large array of personal printers. While the number of printers with this flaw is staggering, the ramifications are even more impressive. Ultimately, any of these printers could have documents sent to them stolen even if the document was only intended to be printed as a hard copy.

Luckily the people responsible for this discovery are white-hat in nature, and the release of this information has been made public so the responsible parties can fix the security flaws. Whether or not the “responsible party” is the manufacturer of the printer, though, is still somewhat unclear because part of the exploit takes advantage of a standard that is part of almost all consumer-grade printers. The standard itself may need to be patched.

Right now, however, it doesn’t seem clear exactly how deep the rabbit hole goes. We all remember the DDoS attack that was caused by Internet of Things devices that were poorly secured, and it seems feasible that networked printers could take some part in a similar botnet if a dedicated user really needed them. At the very least, however, your printed documents might not be secure at all, and you may be seeing a patch for your printer’s firmware in the near future.

 

Forum addition: project requests

We’ve added a new section to our forums called Requests and Commissions. First, we can’t stress enough that this is NOT a place to ask for help with illegal or illicit actions. Hackaday has always been about hacking for good and that’s what motivated the creation of this forum. Time and again we’ve seen hackers helping out others by modifying gaming controllers for the those in need or bringing mobility to the disabled. The requests forum is a great place to ask for help with these types of projects, or just to team up with hackers that have skills in areas you don’t.

So swing by and check it out. The golden rule is keep it legal and keep it legit. And do remember that this is the Internet, so think about the decisions you are making. We’re not going to swoop in to save you if you end up getting scammed by a Nigerian prince to whom you sent a thousand dollars worth of parts to but didn’t receive a completed project in return. Any arrangements you make with another user are between you two, and do not involve us.